Unrated severityNVD Advisory· Published Jul 17, 2025· Updated Jul 18, 2025

Unsafe use of eval() method in roslaunch tool

CVE-2024-39835

Description

A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code.

Affected products

ROS/roslaunchllm-create
Range: <= Noetic Ninjemys
Siemens Foundation/Rosllm-fuzzy
Range: <= Noetic Ninjemys
Open Source Robotics Foundation/Robot Operating System (ROS)v5
Range: Noetic Ninjemys

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ros.org/blog/noetic-eol/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000