CVE-2025-3753
Publication date 17 July 2025
Last updated 24 July 2025
Ubuntu priority
Description
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ros-ros-comm | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| ros-kinetic-ros-comm | 16.04 LTS xenial |
Fixed 1.12.17+9
|
| ros-melodic-ros-comm | 18.04 LTS bionic |
Fixed 1.14.13+5
|
| ros-noetic-ros-comm | 20.04 LTS focal |
Fixed 1.17.4+2
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |