CNNVD-202509-707 Information

CNNVD ID

CNNVD-202509-707

Related CVE

CVE-2025-58373

• CNNVD Published: 2025-09-05

Description (Chinese)

Roo Code是Roo Code公司的一款基于AI的自主编码代理。 Roo Code 3.25.23及之前版本存在后置链接漏洞，该漏洞源于符号链接绕过保护，可能导致敏感信息泄露。

Description (English)

Roo Code is an AI-based autonomous coding agent for Roo Code. Roo Code 3.25.23 and earlier versions had a backlink loophole, which stemmed from the symbol link circumventing protection and could lead to the disclosure of sensitive information.

Hazard Level

High

Vulnerability Type

后置链接

Affected Vendor

Roo Code

Published

2025-09-05

Last Modified

2026-02-24

References

https://github.com/RooCodeInc/Roo-Code/pull/7405 https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0 https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-p76r-7mc3-qh7c https://access.redhat.com/security/cve/cve-2025-58373

Patch

https://github.com/RooCodeInc/Roo-Code/releases