
95 matches found

NVD
added 2025/09/05 11:15 p.m., 3 views

CVE-2025-58373

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files th...

6.5 CVSS, 0.00052 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/09/05 10:55 p.m., 8 views

CVE-2025-58373 Roo Code: Symlink-bypass of .rooignore can lead to unintended file disclosure

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files th...

5.5 CVSS, 6.2 AI score, 0.00052 EPSS
Exploits: 0, References: 3

CVE
added 2025/09/05 10:55 p.m., 14 views

CVE-2025-58373

Roo Code (editor-integrated AI coding agent) versions 3.25.23 and earlier contain a symlink-based bypass of the .rooignore protections. An attacker with write access to the workspace could trick the extension into reading files that should be excluded (for example, .env or other configuration dat...

6.5 CVSS, 6.2 AI score, 0.00052 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2025/09/05 10:55 p.m., 5 views

CVE-2025-58373 Roo Code: Symlink-bypass of .rooignore can lead to unintended file disclosure

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files th...

5.5 CVSS, 0.00052 EPSS
Exploits: 0, References: 3

CVE
added 2025/09/05 10:51 p.m., 15 views

CVE-2025-58372

Roo Code CVE-2025-58372 affects versions ≤3.25.23 where certain VS Code workspace files (.code-workspace) aren’t protected like the .vscode folder. If auto-approve for file writes is enabled and prompts are manipulated (e.g., via prompt injection), an attacker could write malicious workspace sett...

9.8 CVSS, 7.4 AI score, 0.00127 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/09/05 10:51 p.m., 3 views

CVE-2025-58372 Roo Code: Potential Remote Code Execution via .code-workspace

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...

8.1 CVSS, 7.8 AI score, 0.00127 EPSS
Exploits: 0, References: 5

Cvelist
added 2025/09/05 10:51 p.m., 5 views

CVE-2025-58372 Roo Code: Potential Remote Code Execution via .code-workspace

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...

8.1 CVSS, 0.00127 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/09/05 10:51 p.m., 2 views

CVE-2025-58372 Roo Code: Potential Remote Code Execution via .code-workspace

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...

8.1 CVSS, 7.4 AI score, 0.00127 EPSS
Exploits: 0, References: 3

OSV
added 2025/09/05 10:42 p.m., 2 views

CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...

9.9 CVSS, 8 AI score, 0.00614 EPSS
Exploits: 0, References: 4

CVE
added 2025/09/05 10:42 p.m., 23 views

CVE-2025-58371

CVE-2025-58371 affects Roo Code (versions ≤ 3.26.6). A GitHub workflow used unsanitized pull request metadata in a privileged context, enabling an attacker to craft input that caused Remote Code Execution (RCE) on the Actions runner. The runner’s broad permissions and access to repository secrets...

9.9 CVSS, 7.5 AI score, 0.00614 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2025/09/05 10:09 p.m., 11 views

CVE-2025-58370

Roo Code (AI-powered coding agent) versions prior to 3.26.0 contain a vulnerability in the command parsing logic where Bash parameter expansion and indirect references are not handled correctly. If prompts allow auto-approval of commands, an attacker who can influence prompts could cause the agen...

8.1 CVSS, 7.2 AI score, 0.00366 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/09/05 10:09 p.m., 2 views

CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

8.1 CVSS, 7.1 AI score, 0.00366 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/09/05 10:09 p.m., 6 views

CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

8.1 CVSS, 0.00366 EPSS
Exploits: 0, References: 1

OSV
added 2025/09/05 10:09 p.m., 1 view

CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

8.1 CVSS, 7.6 AI score, 0.00366 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/09/05 12:00 a.m., 1 view

Roo Code operating system command injection vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. An operating system command injection vulnerability exists in Roo Code versions prior to 3.26.0, which stems from an error in the command parsing logic and could lead to the execution of arbitrary commands...

8.1 CVSS, 7.6 AI score, 0.00366 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/09/05 12:00 a.m., 2 views

Roo Code link following vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. A link following vulnerability exists in Roo Code 3.25.23 and earlier versions, which stems from a symbolic link bypassing protection and could lead to the disclosure of sensitive information...

6.5 CVSS, 6.3 AI score, 0.00052 EPSS
Exploits: 0, References: 4

CNNVD
added 2025/09/05 12:00 a.m., 2 views

Roo Code operating system command injection vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. An operating system command injection vulnerability exists in Roo Code 3.26.6 and prior versions, which stems from workflows that do not clean up their inputs and could lead to remote code execution...

9.9 CVSS, 8.4 AI score, 0.00614 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/09/05 12:00 a.m., 3 views

Roo Code security vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. A security vulnerability exists in Roo Code version 3.25.23 and earlier, which stems from inadequate configuration file protection and could lead to arbitrary code execution...

9.8 CVSS, 7.5 AI score, 0.00127 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/09/05 12:00 a.m., 1 view

PT-2025-36338

Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.26.0
Description: Roo Code is an AI-powered autonomous coding agent. A weakness exists in the command parsing logic due to incorrect handling of Bash parameter expansion and indirect reference. If the agent was...

8.1 CVSS, 7.2 AI score, 0.00366 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2025/09/05 12:00 a.m., 1 view

PT-2025-36339

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below
Description: Roo Code is an AI-powered autonomous coding agent. A GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution (RCE) on...

9.9 CVSS, 7.4 AI score, 0.00614 EPSS
Exploits: 0, References: 11