CNNVD-202509-708 Information

CNNVD ID

CNNVD-202509-708

CVE-2025-58372

  • CNNVD Published: 2025-09-05

Description (Chinese)

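Roo Code is an AI-based autonomous coding agent from the company Roo Code. Roo Code 3.25.23 and earlier versions contain a security vulnerability that stems from insufficient protection of configuration files and may lead to arbitrary code execution.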

Description (English)

Roo Code is an AI-based autonomous coding agent from the company Roo Code. Roo Code 3.25.23 and earlier versions contain a security vulnerability that stems from inadequate configuration file protection and may lead to arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

Other

Published

2025-09-05

Last Modified

2026-02-24

References

  • https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0
  • https://github.com/RooCodeInc/Roo-Code/commit/296edfc829a7c6efc8b5dbe09aa766a9aed79598
  • https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-4pqh-4ggm-jfmm
  • https://access.redhat.com/security/cve/cve-2025-58372

Patch

https://github.com/RooCodeInc/Roo-Code/releases
