Permalink
CVE-2025-3753
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Unsafe use of eval() method in rosbag tool
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
References
Affected products
rosbag
- ==Kinetic Kame
- ==Melodic Morenia
- ==Indigo Igloo
- ==Noetic Ninjemys
Matching in nixpkgs
pkgs.python312Packages.rosbags
Pure Python library to read, modify, convert, and write rosbag files
-
nixos-unstable -
- nixpkgs-unstable 0.10.11
pkgs.python313Packages.rosbags
Pure Python library to read, modify, convert, and write rosbag files
-
nixos-unstable -
- nixpkgs-unstable 0.10.11
Package maintainers
-
@nim65s Guilhem Saurel <guilhem.saurel@laas.fr>