PT-2025-27260 · Robocode · Robocode

Maccarita · Published 2025-06-27 · Updated 2025-06-28 · CVE-2025-53098

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3
Description: The issue concerns the execution of arbitrary commands through the MCP configuration file. An attacker with access to the system could craft a prompt that causes a malicious command to be written to the MCP configuration file, potentially leading to arbitrary command execution. Exploitation requires that the attacker is able to submit prompts, that the user has MCP enabled, and that the user has enabled auto-approved file writes. The issue is considered moderate in severity.
Recommendations: For versions prior to 3.20.3, update to version 3.20.3, which fixes the issue by adding an additional, opt-in layer of configuration for auto-approving writes to Roo's configuration files. As a temporary workaround, disable the auto-approve file writes feature to minimize the risk of exploitation, and restrict access to the .roo/ folder and its contents to prevent unauthorized modifications.

Exploit · Fix

Weakness Enumeration: Command Injection

Related Identifiers:
CVE-2025-53098
GHSA-5X8H-M52G-5V54

Affected Products: Robocode