95 matches found
PT-2025-36340
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.25.23 and below Description: Roo Code, an AI-powered autonomous coding agent, is susceptible to a flaw where VS Code workspace configuration files .code-workspace lack the same protection as files within the .vscode folder...
CVE-2025-57771
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...
CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...
CVE-2025-57771
CVE-2025-57771 affects Roo Code prior to 3.25.5. The flaw lies in the command parsing for auto-execute commands, where process substitution and single ampersand handling can be bypassed, allowing an attacker who can submit crafted prompts to cause arbitrary commands to run alongside the intended ...
CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...
Roo Code 操作系统命令注入漏洞
Roo Code is an AI-based autonomous coding agent from Roo Code. An operating system command injection vulnerability exists in Roo Code versions prior to 3.25.5, which stems from a flaw in the command parsing logic that could lead to the execution of arbitrary code...
PT-2025-34449 · Robocode · Robocode
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.25.5 Description: Roo Code, an AI-powered autonomous coding agent, does not correctly process process substitution and single ampersand characters within its command parsing logic for auto-execute commands. If a...
CVE-2025-54377
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks \n in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent...
CVE-2025-54377
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks \n in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent...
CVE-2025-54377 Roo Code Lacks Line Break Validation in its Command Execution Tool
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks \n in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent...
CVE-2025-54377 Roo Code Lacks Line Break Validation in its Command Execution Tool
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks \n in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent...
Roo Code 命令注入漏洞
Roo Code is an AI-based autonomous coding agent from Roo Code. A command injection vulnerability exists in Roo Code 3.23.18 and earlier versions, which stems from insufficient command input validation and could lead to a command injection attack...
PT-2025-30619 · Robocode · Robocode
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.23.18 and below Description: Roo Code, an AI-powered autonomous coding agent, does not validate line breaks in its command input. This bypasses the allow-list mechanism due to a lack of parsing or validation logic,...
CVE-2025-53536
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
CVE-2025-53536
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
CVE-2025-53536 Roo Code allows Potential Remote Code Execution via .vscode/settings.json
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
CVE-2025-53536 Roo Code allows Potential Remote Code Execution via .vscode/settings.json
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
CVE-2025-53536 Roo Code allows Potential Remote Code Execution via .vscode/settings.json
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
Roo Code 安全漏洞
Roo Code is an AI-based autonomous coding agent from Roo Code. A security vulnerability exists in Roo Code versions prior to 3.22.6, which stems from an attacker being able to submit a prompt to write to a VS Code settings file and trigger code execution, potentially leading to remote code...
PT-2025-28241 · Robocode +1 · Robocode +1
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.22.6 Description: Roo Code is an AI-powered autonomous coding agent. If the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and...