3 matches found
CVE-2025-58372
Roo Code CVE-2025-58372 affects versions ≤3.25.23 where certain VS Code workspace files (.code-workspace) aren’t protected like the .vscode folder. If auto-approve for file writes is enabled and prompts are manipulated (e.g., via prompt injection), an attacker could write malicious workspace sett...
CVE-2025-58372 Roo Code: Potential Remote Code Execution via .code-workspace
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files .code-workspace are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...
CVE-2025-58372 Roo Code: Potential Remote Code Execution via .code-workspace
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files .code-workspace are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...