Robot Operating System
Affected product (CPE): cpe:2.3:a:openrobotics:robot_operating_system:*:*:*:*:*:*:* (and 1 more)
- Affected versions: <= noetic_ninjemys
A code execution vulnerability exists in the Robot Operating System (ROS) 'rosparam' tool, impacting ROS distributions Noetic Ninjemys and earlier. The issue arises from the 'rosparam' tool's use of the eval() function to handle unsanitized, user-supplied parameter values, particularly through special converters for angle representations in radians. This vulnerability enables attackers to craft and execute arbitrary Python code.
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Users are encouraged to migrate to ROS 2, as ROS 1 Noetic will reach end-of-life on May 31, 2025. After this date, Noetic users may be exposed to unpatched security vulnerabilities. Migration guides for ROS 2 Humble Hawksbill and ROS 2 Jazzy Jalisco are available in the official ROS documentation.