CVE-2025-3753 - ROS Robot Operating System 'rosbag' Code Execution Vulnerability

CVE ID : CVE-2025-3753

Published : July 17, 2025, 8:15 p.m. | 2 hours, 13 minutes ago

Description : A code execution vulnerability has been identified in the Robot Operating System (ROS) ‘rosbag’ tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the ‘rosbag filter’ command. This flaw enables attackers to craft and execute arbitrary Python code.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-46720 – Keystone Node.js Oracle Filter Bypass

May 5, 2025

CVE ID : CVE-2025-46720

Published : May 5, 2025, 7:15 p.m. | 18 minutes ago

Description : Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don’t use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

I ran with Samsung’s Galaxy Watch 8 Classic, and it both humbled and motivated me

You can finally move Chrome’s address bar on Android – here’s how

Is your Ring camera showing strange logins? Here’s what’s going on

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

Ubuntu 25.10 Shrinks its Raspberry Pi Install Footprint

Microsoft kills Movies & TV storefront on Windows and Xbox — here’s what will happen to your purchased media

CVE-2025-3753 – ROS Robot Operating System ‘rosbag’ Code Execution Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-46011 – Listmonk SQL Injection Privilege Escalation

CVE-2025-33067 – Windows Kernel Privilege Escalation Vulnerability

CVE-2025-0856 – WordPress PGS Core Plugin Unauthenticated Remote Data Manipulation

The A24 Elden Ring movie is real and has a director, but I have no idea how it’s going to work

CVE-2025-46720 – Keystone Node.js Oracle Filter Bypass

CVE-2025-6848 – Simple Forum Unrestricted File Upload Vulnerability

VideoDubber’s YouTube Channel ID Finder

How I automate basic tasks on Linux with bash scripts – and why you should try it

CVE-2025-3753 – ROS Robot Operating System ‘rosbag’ Code Execution Vulnerability

Related Posts