{"id":74627,"date":"2025-09-13T09:01:16","date_gmt":"2025-09-13T09:01:16","guid":{"rendered":""},"modified":"2025-10-02T12:12:15","modified_gmt":"2025-10-02T18:12:15","slug":"cve-2025-58370-command-execution-vulnerability-in-roo-code-ai-coding-agent","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-58370-command-execution-vulnerability-in-roo-code-ai-coding-agent\/","title":{"rendered":"<strong>CVE-2025-58370: Command execution vulnerability in Roo Code AI coding agent<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>CVE-2025-58370 is a high severity vulnerability discovered in Roo Code, an AI-powered autonomous coding agent that can be integrated into various coding editors. The vulnerability lies in the command parsing logic of Roo Code versions below 3.26.0. It was discovered that the Bash parameter expansion and indirect reference were not properly handled, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2022-45134-critical-vulnerability-in-mahara-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"82974\">leading to a potential<\/a> security issue. The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54887-significant-security-vulnerability-in-jwe-ruby-encryption-implementation\/\"  data-wpil-monitor-id=\"82673\">vulnerability is significant<\/a> because it can lead to system compromise or data leak if exploited by an attacker. All users of <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-57771-arbitrary-command-execution-vulnerability-in-roo-code-ai\/\"  data-wpil-monitor-id=\"84810\">Roo Code<\/a> versions below 3.26.0 are affected and encouraged to update immediately.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-58370<br \/>\nSeverity: High (CVSS: 8.1)<br \/>\nAttack Vector: Remote<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-22404-potential-system-compromise-due-to-use-after-free-vulnerability\/\"  data-wpil-monitor-id=\"85641\">System compromise<\/a>, data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-1678740469\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Roo <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49531-arbitrary-code-execution-vulnerability-in-illustrator-versions-28-7-6-29-5-1-and-earlier\/\"  data-wpil-monitor-id=\"86189\">Code | Versions<\/a> below 3.26.0<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>An attacker can exploit this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-57105-command-injection-vulnerability-in-di-7400g-routers\/\"  data-wpil-monitor-id=\"82603\">vulnerability by manipulating the command<\/a> prompts. If the agent is configured to auto-approve the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-43984-unauthenticated-command-execution-vulnerability-in-kuwfi-gc111-devices\/\"  data-wpil-monitor-id=\"82397\">execution of certain commands<\/a>, the attacker can insert additional arbitrary commands alongside the intended ones. This is possible <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-27216-privilege-escalation-in-uisp-application-due-to-incorrect-permission-assignment\/\"  data-wpil-monitor-id=\"84389\">due to the incorrect<\/a> handling of Bash parameter expansion and indirect reference in command parsing logic. This would allow the attacker to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50692-critical-code-execution-vulnerability-in-foxcms-v1-2-5\/\"  data-wpil-monitor-id=\"82159\">execute arbitrary commands on the system where Roo Code<\/a> is installed, potentially leading to system compromise or data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3394800903\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here is a hypothetical example of how an attacker might exploit the vulnerability:<\/p>\n<pre><code class=\"\" data-line=\"\"># Original legitimate command\nroo_code_command --execute=&quot;legitimate_command&quot;\n# Exploited command\nroo_code_command --execute=&quot;legitimate_command; malicious_command&quot;<\/code><\/pre>\n<p>In this example, `legitimate_command` is a command that the AI agent is configured to auto-approve, and `malicious_command` is an additional <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-56803-arbitrary-os-command-execution-vulnerability-in-figma-desktop-for-windows\/\"  data-wpil-monitor-id=\"87070\">arbitrary command<\/a> inserted by the attacker. If the agent <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-8943-unauthenticated-os-command-execution-in-flowise\/\"  data-wpil-monitor-id=\"82597\">executes this command<\/a>, it would also execute the malicious command, leading to a potential security breach.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>To mitigate this vulnerability, users are advised to update their <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-58372-roo-code-vulnerability-leading-to-arbitrary-code-execution\/\"  data-wpil-monitor-id=\"87760\">Roo Code<\/a> to version 3.26.0, where this vulnerability is fixed. If updating is not an immediate option, users can employ a Web Application Firewall (WAF) or Intrusion Detection System (IDS) as a temporary measure to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-8418-arbitrary-plugin-installation-vulnerability-in-b-slider-gutenberg-slider-block-for-wp-plugin\/\"  data-wpil-monitor-id=\"82548\">block malicious attempts to exploit this vulnerability<\/a>. However, this is not a permanent solution and updating to the fixed version is strongly recommended.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview CVE-2025-58370 is a high severity vulnerability discovered in Roo Code, an AI-powered autonomous coding agent that can be integrated into various coding editors. The vulnerability lies in the command parsing logic of Roo Code versions below 3.26.0. It was discovered that the Bash parameter expansion and indirect reference were not properly handled, leading to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-74627","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/74627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=74627"}],"version-history":[{"count":13,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/74627\/revisions"}],"predecessor-version":[{"id":80570,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/74627\/revisions\/80570"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=74627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=74627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=74627"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=74627"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=74627"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=74627"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=74627"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=74627"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=74627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}