Code Execution Vulnerability in Robot Operating System Tool by Open Robotics
CVE-2024-39289

CVSS 7.8 HIGH

What is CVE-2024-39289?

A code execution vulnerability exists in the 'rosparam' tool of the Robot Operating System (ROS), affecting several ROS distributions, including Noetic Ninjemys and earlier versions. The flaw stems from an unsafe use of Python's eval() on unsanitized parameter values, specifically in the specialized converters that turn angle representations into radians. Because the converter evaluates the parameter text rather than parsing it, an attacker who can supply parameter values can execute arbitrary Python code on the vulnerable system, posing a significant security risk.
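The pattern the advisory describes, shown as an added example that is not rosparam's own code: a hypothetical `rad(...)`/`deg(...)` parameter converter in its vulnerable form (argument handed to `eval()`) beside a hardened form that accepts only a numeric literal, plus a small defender-side check that flags parameter values whose converter argument is not a plain literal. The converter syntax, the parameter names and the sample values are all constructed for this illustration.

```python
import math
import re

# Constructed for this example; not rosparam's own code. The advisory says the
# radian converter passed parameter text to eval(); the shape below mirrors that
# pattern on a hypothetical "rad(<text>)" / "deg(<text>)" YAML value so the
# unsafe and safe forms can be compared side by side.
_CONVERTER = re.compile(r"^(rad|deg)\((.*)\)$", re.DOTALL)

# A plain numeric literal: optional sign, digits with optional fraction and
# exponent, or the bare constant pi. Nothing matched here can call a function.
_NUMERIC = re.compile(r"^[+-]?(?:(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?|pi)$")


def unsafe_angle_convert(value: str) -> float:
    """Vulnerable pattern: the text inside the parentheses is handed to eval()."""
    m = _CONVERTER.match(value.strip())
    if not m:
        raise ValueError(f"not a converter expression: {value!r}")
    kind, inner = m.groups()
    # eval() accepts any Python expression, so a crafted parameter file runs
    # code with the privileges of whoever loads it. This is the flaw.
    number = float(eval(inner))
    return math.radians(number) if kind == "deg" else number


def _parse_literal(inner: str) -> float:
    """Accept only a numeric literal or the word pi; reject everything else."""
    text = inner.strip()
    if not _NUMERIC.match(text):
        raise ValueError(f"rejected non-numeric converter argument: {inner!r}")
    if text.lstrip("+-") == "pi":
        return -math.pi if text.startswith("-") else math.pi
    return float(text)


def safe_angle_convert(value: str) -> float:
    """Hardened form: same syntax, but the argument is parsed, never evaluated."""
    m = _CONVERTER.match(value.strip())
    if not m:
        raise ValueError(f"not a converter expression: {value!r}")
    kind, inner = m.groups()
    number = _parse_literal(inner)
    return math.radians(number) if kind == "deg" else number


def safe_accepts(value: str) -> bool:
    """True if the hardened converter accepts the value, False if it rejects it."""
    try:
        safe_angle_convert(value)
        return True
    except ValueError:
        return False


def flag_executable_converters(params: dict) -> list:
    """Defender-side check: names of parameters whose rad()/deg() argument is
    not a plain literal, i.e. values that could only be resolved through eval()."""
    flagged = []
    for name, value in params.items():
        if not isinstance(value, str):
            continue
        m = _CONVERTER.match(value.strip())
        if m and not _NUMERIC.match(m.group(2).strip()):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample parameter set (not from the advisory).
    sample = {
        "wrist_limit": "rad(1.5708)",
        "base_offset": "deg(90)",
        "odd_value": "rad(2*0.75)",  # an expression, not a literal
    }
    print(safe_angle_convert(sample["wrist_limit"]))
    print(flag_executable_converters(sample))
```

The unsafe converter happily computes `rad(2*0.75)` because `eval()` evaluates the expression; the hardened converter raises on the same input, and `flag_executable_converters` gives an operator a quick way to audit an existing parameter set for values that rely on that evaluation before upgrading.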

Affected Version(s)

Robot Operating System (ROS) Linux Noetic Ninjemys

Robot Operating System (ROS) Linux Melodic Morenia

Robot Operating System (ROS) Linux Kinetic Kame

CVSS v3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Florencia Cabral Berenfus, Ubuntu Robotics Team