CNNVD-202508-2707 Information

CNNVD ID

CNNVD-202508-2707

Related CVE

CVE-2025-57771

• CNNVD Published: 2025-08-22

Description (Chinese)

Roo Code是Roo Code公司的一款基于AI的自主编码代理。 Roo Code 3.25.5之前版本存在操作系统命令注入漏洞，该漏洞源于命令解析逻辑缺陷，可能导致执行任意代码。

Description (English)

Roo Code is an AI-based autonomous coding agent for Roo Code. There was a loophole in the operating system order in the pre-Roo Code 3.25,5 version, which resulted from a logical flaw in the command resolution, which could lead to the enforcement of any code.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Roo Code

Published

2025-08-22

Last Modified

2026-02-24

References

https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-wrh9-463x-7wvv https://github.com/RooCodeInc/Roo-Code/commit/de359a465c67aefc67553aa2b464591b602c4bdc https://access.redhat.com/security/cve/cve-2025-57771 https://nvd.nist.gov/vuln/detail/CVE-2025-57771

Patch

https://github.com/RooCodeInc/Roo-Code/releases