Platform: other
Component: roo-code
Fixed in: 3.26.1
CVE-2025-58372 describes a Remote Code Execution (RCE) vulnerability in Roo Code, an AI-powered autonomous coding agent. This flaw arises from insufficient protection of .code-workspace files, allowing attackers to inject malicious settings or tasks. Versions 3.25.23 and earlier are affected, and a fix is available in version 3.26.0.
An attacker exploiting this vulnerability could gain complete control over a user's development environment. By crafting malicious .code-workspace files and leveraging prompt injection techniques to influence the agent's actions, they can inject arbitrary code that will be executed automatically when the workspace is reopened. This could lead to data theft, system compromise, or the installation of malware. The potential blast radius extends to any sensitive data stored within the workspace or accessible through the user's development tools. The autonomous nature of the coding agent amplifies the risk, as the attacker doesn't necessarily need direct interaction with the user's machine after the initial injection.
This CVE was published on 2025-09-05. No public proof-of-concept (PoC) has been released at the time of writing, but the vulnerability's nature and potential impact warrant careful attention. The EPSS score is likely to be medium, given the potential for remote exploitation and the severity of the impact. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Exploit Status
EPSS: 0.06% (19% percentile)
The primary mitigation is to upgrade to Roo Code version 3.26.0 or later, which addresses the vulnerability. If upgrading is not immediately feasible, consider restricting the agent's ability to auto-approve file writes. Review all .code-workspace files for any suspicious content, especially if the agent has recently been influenced by external prompts. Implement strict input validation and sanitization for prompts used by the agent to prevent prompt injection attacks. Regularly audit the agent's configuration and workspace settings to identify any unauthorized changes.
Upgrade Roo Code to version 3.26.0 or later. This release fixes the vulnerability that allows remote code execution through manipulated .code-workspace files. Make sure the agent is configured not to auto-approve file writes until you have upgraded.
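One way to carry out the review of .code-workspace files recommended above, as an added example that is not code from Roo Code or from this advisory. It flags tasks set to run on folder open and settings that can select an executable. The function names, the setting-name heuristic and the sample workspace are assumptions constructed for illustration.

```python
import json
import re

# Matches a JSON string, a // or /* */ comment, or a trailing comma.
_JSONC = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/|,(?=\s*[}\]])', re.S)
# Heuristic (assumption): setting names that often select an executable.
_EXEC_SETTING = re.compile(r"path|executable|command|shell|profiles", re.I)

# Constructed sample workspace, not taken from a real incident.
SAMPLE = """{
  // comments and trailing commas are legal in this format
  "folders": [{ "path": "." }],
  "settings": {
    "editor.tabSize": 2,
    "task.allowAutomaticTasks": "on",
    "terminal.integrated.profiles.linux": { "x": { "path": "/tmp/placeholder" } },
  },
  "tasks": { "version": "2.0.0", "tasks": [
    { "label": "setup", "type": "shell", "command": "echo placeholder",
      "runOptions": { "runOn": "folderOpen" } },
    { "label": "build", "type": "shell", "command": "make" }
  ] }
}"""

def load_workspace(text):
    """Parse .code-workspace content (JSON with comments/trailing commas)."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    for _ in range(2):  # pass 1 drops comments, pass 2 commas they hid
        text = _JSONC.sub(keep, text)
    return json.loads(text)

def audit_workspace(text):
    """Return (severity, message) findings for a human reviewer."""
    ws, findings = load_workspace(text), []
    for task in ws.get("tasks", {}).get("tasks", []):
        label, cmd = task.get("label", "<unlabelled>"), task.get("command")
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            findings.append(("high", f"task '{label}' runs on folder open: {cmd!r}"))
        elif cmd is not None:
            findings.append(("info", f"task '{label}' defines a command: {cmd!r}"))
    for key, value in ws.get("settings", {}).items():
        if key == "task.allowAutomaticTasks" and value == "on":
            findings.append(("high", "settings turn automatic tasks on"))
        elif _EXEC_SETTING.search(key):
            findings.append(("medium", f"setting '{key}' may select an executable"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_workspace(SAMPLE):
        print(f"[{severity}] {message}")
```

Findings are prompts for manual review, not verdicts: a legitimate workspace can define tasks and tool paths, so compare flagged entries against version control history to see whether the agent wrote them.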
CVE-2025-58372 is a Remote Code Execution vulnerability in Roo Code versions 3.25.23 and below. It allows attackers to execute arbitrary code through malicious .code-workspace files.
You are affected if you are using Roo Code versions 3.25.23 or earlier. Upgrade to version 3.26.0 to resolve the vulnerability.
Upgrade to Roo Code version 3.26.0 or later. As a temporary workaround, restrict the agent's auto-approval of file writes.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants vigilance.
Refer to the official Roo Code release notes and security advisories on their website for the latest information.