CVE-2025-58372 · CRITICAL 9.8 · EPSS p38.5%

Description

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-approve file writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, resulting in arbitrary code execution. This issue is fixed in version 3.26.0.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.5% · 2026-06-19T12:03:05Z
Published: 2025-09-05
Last modified: 2025-09-15

Underlying weaknesses · 2

CWE-94, CWE-732

References

  1. https://github.com/RooCodeInc/Roo-Code/commit/296edfc829a7c6efc8b5dbe09aa766a9aed79598
  2. https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0
  3. https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-4pqh-4ggm-jfmm

Type     | Target                                                              | Confidence | Tier
Weakness | Incorrect Permission Assignment for Critical Resource (cwe-732)     | 0%         | live
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94)  | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-53098
  2. CVE-2025-53536
  3. CVE-2025-58370
  4. CVE-2025-57771
  5. CVE-2025-58371
  6. CVE-2025-65946

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.