Unrated severityNVD Advisory· Published Jul 17, 2025· Updated Jul 18, 2025

Unsafe use of eval() method in rosparam tool

CVE-2024-39289

Description

A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code.

Affected products

ROS/rosparamllm-create
Range: Noetic Ninjemys and earlier
Open Source Robotics Foundation/Robot Operating System (ROS)v5
Range: Noetic Ninjemys

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ros.org/blog/noetic-eol/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000