Vulnerability Database

309,130

Total vulnerabilities in the database

CVE-2024-39289

A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code.

Published: Jul 17, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-39289
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

Affected Software
References

Software	From	Fixed in
openrobotics / robot_operating_system	indigo_igloo	indigo_igloo.x
openrobotics / robot_operating_system	kinetic_kame	kinetic_kame.x
openrobotics / robot_operating_system	melodic_morenia	melodic_morenia.x
openrobotics / robot_operating_system	noetic_ninjemys	noetic_ninjemys.x

https://www.ros.org/blog/noetic-eol/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo