{"id":74629,"date":"2025-09-13T11:01:57","date_gmt":"2025-09-13T11:01:57","guid":{"rendered":""},"modified":"2025-10-17T00:33:42","modified_gmt":"2025-10-17T06:33:42","slug":"cve-2025-58372-roo-code-vulnerability-leading-to-arbitrary-code-execution","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-58372-roo-code-vulnerability-leading-to-arbitrary-code-execution\/","title":{"rendered":"<strong>CVE-2025-58372: Roo Code Vulnerability Leading to Arbitrary Code Execution<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A significant vulnerability has been identified in the AI-powered autonomous coding agent, Roo Code, that could potentially compromise system security or cause data leakage. This vulnerability, known as CVE-2025-58372, pertains to versions 3.25.23 and below of Roo Code, and it affects all users who have not yet updated their software. This issue is of great concern as it can enable attackers to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-27128-arbitrary-code-execution-vulnerability-in-openharmony-v5-0-3\/\"  data-wpil-monitor-id=\"82192\">execute arbitrary code<\/a>, potentially leading to a full system compromise.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-58372<br \/>\nSeverity: High (CVSS score 8.1)<br \/>\nAttack Vector: Local<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-22404-potential-system-compromise-due-to-use-after-free-vulnerability\/\"  data-wpil-monitor-id=\"85643\">System compromise<\/a>, data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3126034613\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-57771-arbitrary-command-execution-vulnerability-in-roo-code-ai\/\"  data-wpil-monitor-id=\"84812\">Roo Code<\/a> | Versions 3.25.23 and below<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50692-critical-code-execution-vulnerability-in-foxcms-v1-2-5\/\"  data-wpil-monitor-id=\"82160\">vulnerability in Roo Code<\/a> where certain VS Code workspace configuration files (.code-workspace) are not as protected as the .vscode folder. If the agent was <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55747-configuration-file-exposure-in-xwiki-platform\/\"  data-wpil-monitor-id=\"87409\">configured to auto-approve file<\/a> writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, leading to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54886-arbitrary-code-execution-vulnerability-in-skops-python-library\/\"  data-wpil-monitor-id=\"82233\">arbitrary code execution<\/a>.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-1387167210\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Consider the following pseudocode as a conceptual example of how the vulnerability might be exploited:<\/p>\n<pre><code class=\"\" data-line=\"\"># Attacker injects malicious prompt\ninject_prompt(&quot;malicious.task&quot;)\n# Roo Code auto-approves the file write\napprove_file_write(&quot;malicious.task&quot;)\n# Malicious task is written into workspace settings\nwrite_to_workspace(&quot;malicious.task&quot;)\n# When workspace is reopened, malicious task is automatically executed\nreopen_workspace_execute_task(&quot;malicious.task&quot;)<\/code><\/pre>\n<p>In this example, the attacker <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54815-arbitrary-code-execution-via-server-side-template-injection-in-ppress-0-0-9\/\"  data-wpil-monitor-id=\"90163\">injects a malicious task via<\/a> a prompt. <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-58370-command-execution-vulnerability-in-roo-code-ai-coding-agent\/\"  data-wpil-monitor-id=\"87762\">Roo Code<\/a>, if set to auto-approve file writes, approves the write of the malicious task. The task is then written into the workspace settings. When the workspace is reopened, the malicious task is automatically executed, leading to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54594-critical-vulnerability-in-react-native-bottom-tabs-library-allows-for-arbitrary-code-execution\/\"  data-wpil-monitor-id=\"82243\">arbitrary code<\/a> execution.<\/p>\n<p><strong>How to Mitigate the Vulnerability<\/strong><\/p>\n<p>The most effective way to mitigate this vulnerability is by applying the vendor patch. Roo Code has addressed this issue in version 3.26.0, so updating to this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-46715-kernel-pointer-vulnerability-in-sandboxie-versions-prior-to-1-15-12\/\"  data-wpil-monitor-id=\"82767\">version or later will fix the vulnerability<\/a>. As a temporary solution, users may also use a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to detect and prevent <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2022-45134-critical-vulnerability-in-mahara-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"82884\">potential attacks exploiting this vulnerability<\/a>. However, these are not long-term solutions and it is strongly recommended to apply the vendor patch as soon as it becomes available.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview A significant vulnerability has been identified in the AI-powered autonomous coding agent, Roo Code, that could potentially compromise system security or cause data leakage. This vulnerability, known as CVE-2025-58372, pertains to versions 3.25.23 and below of Roo Code, and it affects all users who have not yet updated their software. This issue is of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-74629","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/74629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=74629"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/74629\/revisions"}],"predecessor-version":[{"id":83050,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/74629\/revisions\/83050"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=74629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=74629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=74629"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=74629"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=74629"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=74629"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=74629"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=74629"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=74629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}