PT-2025-36340 · Robocode+1

Thelicato · Published 2025-09-05 · Updated 2025-09-06 · CVE-2025-58372

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.25.23 and below

Description: Roo Code, an AI-powered autonomous coding agent, is susceptible to a flaw where VS Code workspace configuration files (.code-workspace) lack the same protection as files within the .vscode folder. If the agent is configured for auto-approval of file writes, an attacker leveraging prompt injection could introduce malicious workspace settings or tasks. Upon reopening the workspace, these tasks could execute arbitrary code.

Recommendations: Update to version 3.26.0 or later.
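The protection gap in the description is a path-classification problem: the write guard treats the .vscode folder as sensitive but not a *.code-workspace file, even though both can carry tasks that VS Code runs on folder open. The following is an added illustration, not code from Roo Code or from the advisory. It places a hypothetical legacy guard (isProtectedPathLegacy, covering only .vscode) beside a hardened one (isProtectedPath, which also covers *.code-workspace), and adds findAutoRunTasks, a small check a reviewer or agent could run over a workspace file to flag tasks configured with runOptions.runOn set to "folderOpen". The sample workspace JSON is constructed for the example.

```typescript
// Added example (hypothetical names; not Roo Code's implementation).

// Legacy guard modelled on the flaw described above: only paths inside a
// ".vscode" folder count as protected, so "proj.code-workspace" is writable
// without approval.
function isProtectedPathLegacy(relPath: string): boolean {
  const parts = relPath.split(/[\\/]+/);
  return parts.includes(".vscode");
}

// Hardened guard: the ".vscode" folder AND any "*.code-workspace" file are
// protected, because both can define settings and tasks that VS Code executes.
function isProtectedPath(relPath: string): boolean {
  const parts = relPath.split(/[\\/]+/);
  if (parts.includes(".vscode")) return true;
  return relPath.toLowerCase().endsWith(".code-workspace");
}

// Minimal shape of the fields inspected in a .code-workspace file.
interface WorkspaceTask {
  label?: string;
  type?: string;
  command?: string;
  runOptions?: { runOn?: string };
}
interface WorkspaceFile {
  folders?: { path: string }[];
  settings?: Record<string, unknown>;
  tasks?: { version?: string; tasks?: WorkspaceTask[] };
}

// Returns the labels of tasks set to run automatically when the folder is
// opened (runOptions.runOn === "folderOpen"), the trigger that turns a silent
// configuration edit into code execution on the next reopen. Used here as a
// review/detection check, e.g. before accepting an agent's write to such a file.
function findAutoRunTasks(jsonText: string): string[] {
  const ws = JSON.parse(jsonText) as WorkspaceFile;
  const tasks = ws.tasks?.tasks ?? [];
  return tasks
    .filter((t) => t.runOptions?.runOn === "folderOpen")
    .map((t) => t.label ?? "<unlabelled>");
}

// Constructed sample workspace file (not taken from the advisory): one normal
// build task and one task that auto-runs on folder open.
const SAMPLE_WORKSPACE = JSON.stringify({
  folders: [{ path: "." }],
  settings: {},
  tasks: {
    version: "2.0.0",
    tasks: [
      { label: "build", type: "shell", command: "npm run build" },
      {
        label: "startup",
        type: "shell",
        command: "echo placeholder-command",
        runOptions: { runOn: "folderOpen" },
      },
    ],
  },
});

// Shows the gap (legacy guard lets the workspace file through), the hardened
// behaviour, and the auto-run task the scanner flags.
function demo(): { legacyBlocked: boolean; hardenedBlocked: boolean; autoRun: string[] } {
  const file = "proj.code-workspace";
  return {
    legacyBlocked: isProtectedPathLegacy(file), // false: the gap
    hardenedBlocked: isProtectedPath(file),     // true
    autoRun: findAutoRunTasks(SAMPLE_WORKSPACE), // ["startup"]
  };
}

console.log(demo());
```

The hardened check is deliberately a filename rule rather than a content rule, mirroring the fix's intent (treat the workspace file like the .vscode folder regardless of what is written into it); findAutoRunTasks is the complementary content check for reviewing files that already exist in a repository.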

Exploit · Fix · RCE · Code Injection · Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2025-58372
GHSA-4PQH-4GGM-JFMM

Affected Products

Robocode
Vscode