CVE-2025-3753

Name: CVE-2025-3753
Description: A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1110773

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package        Release         Version               Status
ros-ros-comm (PTS)    bullseye        1.15.9+ds1-7+deb11u1  vulnerable
                      bookworm        1.15.15+ds-2          vulnerable
                      forky, trixie   1.17.0+ds-2           vulnerable
                      sid             1.17.4+ds-1           vulnerable

The information below is based on the following data on fixed versions.

Package       Type    Release     Fixed Version  Urgency      Origin  Debian Bugs
ros-ros-comm  source  (unstable)  (unfixed)      unimportant          1110773

Notes

Negligible security impact
