Roo Code
CVE-2025-58370
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one. This is fixed in version 3.26.0.
AnalysisAI
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one. This is fixed in version 3.26.0. Affected products include: Roocode Roo Code. Version information: version 3.26.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stor
A security vulnerability in Roo Code (CVSS 5.9). Remediation should follow standard vulnerability management procedures.
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 8.1), this vul
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 7.8), this vul
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated medium severity (CVSS 5.5), this v
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 8.1), this vul
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated critical severity (CVSS 9.9), this
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today