CVE-2025-53536
📋 TL;DR
This vulnerability in Roo Code allows attackers with prompt submission access to write malicious configurations to VS Code settings files, leading to arbitrary command execution. Users with 'Write' auto-approval enabled in Roo Code versions before 3.22.6 are affected. The attack exploits settings like php.validate.executablePath to execute arbitrary commands.
💻 Affected Systems
- Roo Code
📦 What is this software?
Roo Code by Roocode
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary command execution with the privileges of the Roo Code process, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or execution of malicious scripts within the development environment, compromising project files and development tools.
If Mitigated
Limited impact if 'Write' auto-approval is disabled or prompt submission is restricted to trusted users only.
🎯 Exploit Status
Exploitation requires ability to submit prompts to the Roo Code agent and 'Write' auto-approval enabled. Multiple exploitation paths exist according to the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.22.6
Vendor Advisory: https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-3765-5vjr-qjgm
Restart Required: Yes
Instructions:
1. Update Roo Code to version 3.22.6 or later.
2. Restart the Roo Code service/application.
3. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Disable Write Auto-Approval
Disable the 'Write' auto-approval feature in Roo Code configuration to prevent prompt-based file writes.
Check Roo Code configuration settings for 'auto_approval' or similar options and disable write permissions
Restrict Prompt Submission
Limit who can submit prompts to the Roo Code agent to trusted users only.
Configure access controls in Roo Code to restrict prompt submission to authorized personnel
🧯 If You Can't Patch
- Disable 'Write' auto-approval in Roo Code configuration immediately
- Implement strict access controls to limit who can submit prompts to the Roo Code agent
🔍 How to Verify
Check if Vulnerable:
Check if Roo Code version is below 3.22.6 and if 'Write' auto-approval is enabled in configuration.
Check Version:
roo-code --version or check package manager/installation method
Verify Fix Applied:
Verify Roo Code version is 3.22.6 or higher and test that prompt-based writes to VS Code settings files are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual write operations to VS Code settings files (e.g., settings.json)
- Suspicious prompt submissions to Roo Code with write requests
- Execution of unexpected commands from VS Code PHP validation
Network Indicators:
- Unusual outbound connections from development environment following prompt submissions
SIEM Query:
source="roo-code" AND (event="write_settings" OR event="prompt_submission") | where version < "3.22.6"
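An added example, not code from the advisory or the Roo Code project: a Python audit for the first log indicator above, reporting executable-path settings found in `.vscode/settings.json` files so they can be reviewed. Matching every key that ends in `executablePath`, the `allowed` allowlist parameter and the sample input are assumptions made for this example.

```python
import json
import re
from pathlib import Path

# Assumption: review every key ending in "executablePath", not only
# php.validate.executablePath (the one setting this page names).
KEY = re.compile(r"(^|\.)executablePath$", re.IGNORECASE)
ABSOLUTE = re.compile(r"^(/|[A-Za-z]:[\\/])")
_STR = r'"(?:\\.|[^"\\])*"'
_COMMENT = re.compile(_STR + r"|//[^\n]*|/\*.*?\*/", re.DOTALL)
_TRAILING = re.compile(_STR + r"|,(?=\s*[}\]])")

def _keep_strings(m):
    # String literals are matched first so their contents are never altered.
    return m.group(0) if m.group(0).startswith('"') else ""

def strip_jsonc(text):
    """settings.json is JSONC: drop comments, then trailing commas."""
    return _TRAILING.sub(_keep_strings, _COMMENT.sub(_keep_strings, text))

def audit_settings(text, allowed=frozenset()):
    """Return (key, value, reason) for each executable-path setting to review."""
    findings = []

    def walk(node):
        for key, value in node.items():
            if isinstance(value, dict):  # language sections such as "[php]"
                walk(value)
            elif KEY.search(key) and str(value) not in allowed:
                absolute = ABSOLUTE.match(str(value))
                reason = "path not on allowlist" if absolute else "not an absolute path"
                findings.append((key, str(value), reason))

    walk(json.loads(strip_jsonc(text)))
    return findings

def scan_tree(root, allowed=frozenset()):
    """Audit every .vscode/settings.json below root; keep files with findings."""
    return {str(p): f for p in Path(root).rglob(".vscode/settings.json")
            if (f := audit_settings(p.read_text(encoding="utf-8"), allowed))}

# Constructed sample, not taken from the advisory.
SAMPLE = """{
  // workspace settings
  "editor.tabSize": 2,
  "php.validate.executablePath": "./tools/php-wrapper.sh",
}"""

if __name__ == "__main__":
    print(audit_settings(SAMPLE))
```

Pass the interpreter paths your team actually uses as `allowed`; anything else that `scan_tree` reports is a setting to review by hand.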