PT-2025-36341 · Robocode · Robocode

Thelicato · Published 2025-09-05 · Updated 2025-09-06 · CVE-2025-58373

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.25.23 and below
Description: Roo Code, an AI-powered autonomous coding agent, can be made to bypass its .rooignore protections by following symlinks. An attacker with write access to the workspace can create a symlink inside the workspace whose name is not covered by .rooignore but whose target is a file the rules are meant to exclude (for example .env or other configuration files). When the agent reads the symlink, it reads the excluded file's contents, exposing secrets and configuration details that .rooignore was supposed to keep away from the model.
Recommendations: Update to version 3.26.0 or later.
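To make the bypass concrete, the following is an added example (not Roo Code's own implementation) in TypeScript, the language Roo Code is written in. It uses a hypothetical minimal .rooignore matcher (one literal relative path per line, no globs) and a constructed workspace with a secret in .env, a .rooignore that excludes it, and an attacker-created symlink config.txt -> .env. The naive check judges the path as typed and lets the symlink through; the hardened check resolves symlinks with realpath, refuses targets that leave the workspace, and applies the ignore list to the resolved path. The function names and the workspace layout are assumptions for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical minimal .rooignore loader: one literal relative path per line.
// Real ignore files support globs; this is only enough to show the symlink issue.
function loadIgnoreList(workspace: string): Set<string> {
  const file = path.join(workspace, ".rooignore");
  if (!fs.existsSync(file)) return new Set();
  return new Set(
    fs.readFileSync(file, "utf8")
      .split(/\r?\n/)
      .map((l) => l.trim())
      .filter((l) => l.length > 0 && !l.startsWith("#"))
  );
}

// Vulnerable pattern: the decision is made on the path as typed.
// "config.txt" is not listed, so a symlink with that name pointing at .env is allowed.
function isAllowedNaive(workspace: string, relPath: string): boolean {
  const ignored = loadIgnoreList(workspace);
  return !ignored.has(path.normalize(relPath));
}

// Hardened pattern: resolve symlinks, keep the resolved target inside the workspace,
// and apply the ignore list to both the typed path and the resolved path.
function isAllowedResolved(workspace: string, relPath: string): boolean {
  const ignored = loadIgnoreList(workspace);
  const wsReal = fs.realpathSync(workspace);
  const candidate = path.resolve(wsReal, relPath);
  let real: string;
  try {
    real = fs.realpathSync(candidate); // follows every symlink component
  } catch {
    return false; // dangling or nonexistent: deny rather than guess
  }
  const rel = path.relative(wsReal, real);
  if (rel === "" || rel.startsWith("..") || path.isAbsolute(rel)) {
    return false; // resolved target escaped the workspace root
  }
  return !ignored.has(path.normalize(relPath)) && !ignored.has(rel);
}

// Constructed demo workspace: secret in .env, .rooignore excluding it, and two
// attacker-created symlinks, one to .env and one to a file outside the workspace.
function buildDemoWorkspace(): { ws: string; outside: string } {
  const ws = fs.mkdtempSync(path.join(os.tmpdir(), "rooignore-demo-"));
  const outside = fs.mkdtempSync(path.join(os.tmpdir(), "rooignore-outside-"));
  fs.writeFileSync(path.join(ws, ".env"), "API_KEY=constructed-secret\n");
  fs.writeFileSync(path.join(ws, ".rooignore"), ".env\n");
  fs.writeFileSync(path.join(ws, "README.md"), "# demo\n");
  fs.writeFileSync(path.join(outside, "secret.txt"), "constructed-outside-secret\n");
  fs.symlinkSync(".env", path.join(ws, "config.txt"));
  fs.symlinkSync(path.join(outside, "secret.txt"), path.join(ws, "notes.txt"));
  return { ws, outside };
}

// Runs both checks against the constructed workspace and cleans up afterwards.
function demo(): { naive: boolean; resolved: boolean; readme: boolean; escape: boolean } {
  const { ws, outside } = buildDemoWorkspace();
  try {
    return {
      naive: isAllowedNaive(ws, "config.txt"),        // true: bypass succeeds
      resolved: isAllowedResolved(ws, "config.txt"),  // false: symlink to .env is denied
      readme: isAllowedResolved(ws, "README.md"),     // true: ordinary file still allowed
      escape: isAllowedResolved(ws, "notes.txt"),     // false: target outside the workspace
    };
  } finally {
    fs.rmSync(ws, { recursive: true, force: true });
    fs.rmSync(outside, { recursive: true, force: true });
  }
}

console.log(demo());
```

Resolving the real path before consulting the ignore rules is the essential step; checking the typed name alone is exactly what a symlink defeats. Denying anything that resolves outside the workspace root closes the related case where the link points at a file the agent should never see at all.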

Weakness Enumeration

Link Following

Related Identifiers

CVE-2025-58373
GHSA-P76R-7MC3-QH7C

Affected Products

Robocode