CVE-2024-39289
HIGHRobot Operating System Noetic Ninjemys and earlier - Remote Code Execution via rosparam Angle Converter Eval Injection
Title source: llmDescription
A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code.
References (1)
Core 1
Core References
Product product
https://www.ros.org/blog/noetic-eol/
Scores
CVSS v3
7.8
EPSS
0.0017
EPSS Percentile
6.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-95
CWE-94
Status
published
Products (4)
openrobotics/robot_operating_system
indigo_igloo
openrobotics/robot_operating_system
kinetic_kame
openrobotics/robot_operating_system
melodic_morenia
openrobotics/robot_operating_system
noetic_ninjemys
Published
Jul 17, 2025
Tracked Since
Feb 18, 2026