CVE-2025-3753 HIGH

CVE-2025-3753: Unsafe use of eval() method in rosbag tool

Vendor: Open Source Robotics Foundation
Product: Robot Operating System (ROS)
Weakness: CWE-95 · Eval injection
Published: July 17, 2025
Last update: July 18, 2025

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.

Key dates

02 Disclosure timeline

July 17, 2025: CVE published
July 18, 2025: Record updated