cve-2025-58372
Vulnerability from cvelistv5
Published
2025-09-05 22:51
Modified
2025-09-08 20:11
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Roo Code: Potential Remote Code Execution via .code-workspace
References
security-advisories@github.comhttps://github.com/RooCodeInc/Roo-Code/commit/296edfc829a7c6efc8b5dbe09aa766a9aed79598
security-advisories@github.comhttps://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0
security-advisories@github.comhttps://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-4pqh-4ggm-jfmm
Impacted products
RooCodeIncRoo-Code
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-08T20:11:31.387986Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-08T20:11:45.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Roo-Code",
          "vendor": "RooCodeInc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.26.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Roo Code is an AI-powered autonomous coding agent that lives in users\u0027 editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-approve file writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, resulting in arbitrary code execution. This issue is fixed in version 3.26.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-05T22:51:01.725Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-4pqh-4ggm-jfmm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-4pqh-4ggm-jfmm"
        },
        {
          "name": "https://github.com/RooCodeInc/Roo-Code/commit/296edfc829a7c6efc8b5dbe09aa766a9aed79598",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RooCodeInc/Roo-Code/commit/296edfc829a7c6efc8b5dbe09aa766a9aed79598"
        },
        {
          "name": "https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0"
        }
      ],
      "source": {
        "advisory": "GHSA-4pqh-4ggm-jfmm",
        "discovery": "UNKNOWN"
      },
      "title": "Roo Code: Potential Remote Code Execution via .code-workspace"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58372",
    "datePublished": "2025-09-05T22:51:01.725Z",
    "dateReserved": "2025-08-29T16:19:59.012Z",
    "dateUpdated": "2025-09-08T20:11:45.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-58372\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-05T23:15:30.647\",\"lastModified\":\"2025-09-08T16:25:38.810\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Roo Code is an AI-powered autonomous coding agent that lives in users\u0027 editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-approve file writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, resulting in arbitrary code execution. This issue is fixed in version 3.26.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"references\":[{\"url\":\"https://github.com/RooCodeInc/Roo-Code/commit/296edfc829a7c6efc8b5dbe09aa766a9aed79598\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-4pqh-4ggm-jfmm\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.