CNNVD-202509-1000 Information

CNNVD ID

CNNVD-202509-1000

Related CVE

CVE-2025-58374

• CNNVD Published: 2025-09-06

Description (Chinese)

Roo Code是Roo Code公司的一款基于AI的自主编码代理。 Roo Code 3.25.23及之前版本存在操作系统命令注入漏洞，该漏洞源于npm install自动执行脚本，可能导致任意代码执行。

Description (English)

Roo Code is an AI-based autonomous coding agent for Roo Code. Roo Code 3.25.23 and earlier versions contained a loophole in the operating system commands, which originated in a nonpm execution script that could lead to arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Roo Code

Published

2025-09-06

Last Modified

2026-02-24

References

https://github.com/RooCodeInc/Roo-Code/pull/7390/files https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0 https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-c292-qxq4-4p2v https://access.redhat.com/security/cve/cve-2025-58374

Patch

https://github.com/RooCodeInc/Roo-Code/releases