Description
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
References (1)
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
9.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-95
CWE-94
Status
published
Products (4)
openrobotics/robot_operating_system
indigo_igloo
openrobotics/robot_operating_system
kinetic_kame
openrobotics/robot_operating_system
melodic_morenia
openrobotics/robot_operating_system
noetic_ninjemys
Published
Jul 17, 2025
Tracked Since
Feb 18, 2026