CVE-2025-57771

8.1 HIGH

📋 TL;DR

This vulnerability allows command injection in Roo Code's auto-execute feature when processing crafted prompts. Attackers with access to submit prompts can execute arbitrary code alongside legitimate commands if auto-approved execution is enabled. Only users who have enabled the auto-approved command execution feature (disabled by default) are affected.

💻 Affected Systems

Products:
  • Roo Code
Versions: All versions prior to 3.25.5
Operating Systems: All platforms where Roo Code runs
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when auto-approved command execution is enabled for specific commands (disabled by default).

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with arbitrary code execution leading to data theft, ransomware deployment, or complete system takeover.

🟠 Likely Case

Limited command execution within the user's context, potentially accessing sensitive files or establishing persistence.

🟢 If Mitigated

No impact if auto-approved execution is disabled or if prompt submission is restricted to trusted users.

🌐 Internet-Facing: MEDIUM - Requires attacker access to submit prompts, which could be through exposed interfaces or compromised accounts.
🏢 Internal Only: MEDIUM - Internal attackers with prompt submission access could exploit if auto-execution is enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires attacker access to submit prompts and user configuration with auto-approved execution enabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.25.5

Vendor Advisory: https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-wrh9-463x-7wvv

Restart Required: Yes

Instructions:

  1. Update Roo Code to version 3.25.5 or later.
  2. Restart the editor/application.
  3. Verify the update was successful.

🔧 Temporary Workarounds

Disable auto-approved execution (platforms: all)

Turn off the auto-approved command execution feature entirely. Check Roo Code settings and disable 'auto-approved execution' or similar features.

Restrict prompt submission (platforms: all)

Limit who can submit prompts to the Roo Code agent. Configure access controls to restrict prompt submission to trusted users only.

🧯 If You Can't Patch

  • Disable auto-approved command execution feature immediately
  • Implement strict access controls for who can submit prompts to Roo Code

🔍 How to Verify

Check if Vulnerable:

Check the Roo Code version and whether auto-approved execution is enabled for any commands.

Check Version:

Check within Roo Code settings or editor extension details for version number

Verify Fix Applied:

Confirm version is 3.25.5 or later and check that command parsing handles special characters properly

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Multiple commands in single execution
  • Presence of process substitution or ampersand characters in executed commands

Network Indicators:

  • Unexpected outbound connections from editor processes
  • Command execution patterns matching injection attempts

SIEM Query:

Process execution logs containing '&' or process substitution syntax from Roo Code processes
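The log indicators above, sketched as detection logic. This is an added example, not code from the advisory or from Roo Code. It goes slightly beyond a plain substring match by ignoring ampersands inside quotes and in redirections such as `2>&1`. The JSON field names and the parent process name `code` are assumptions to adapt to your own telemetry.

```python
import json

# Assumption: name of the editor process hosting Roo Code in your telemetry.
EDITOR_PARENTS = {"code"}

def shell_indicators(cmdline):
    """Return '&', '&&' and process substitution found outside quotes."""
    found, quote, i = [], None, 0
    while i < len(cmdline):
        ch = cmdline[i]
        prev = cmdline[i - 1] if i else ""
        nxt = cmdline[i + 1:i + 2]
        if quote:
            if ch == "\\" and quote == '"':
                i += 1                      # escaped char inside double quotes
            elif ch == quote:
                quote = None
        elif ch == "\\":
            i += 1                          # escaped char is literal
        elif ch in ("'", '"'):
            quote = ch
        elif ch in ("<", ">") and nxt == "(":
            found.append("process-substitution")
        elif ch == "&" and nxt == "&":
            found.append("&&")
            i += 1
        elif ch == "&" and prev not in ("<", ">") and nxt != ">":
            found.append("&")               # not a redirect such as 2>&1 or &>
        i += 1
    return found

def flag_events(lines):
    """Return (cmdline, indicators) for flagged commands spawned by the editor."""
    hits = []
    for line in lines:
        event = json.loads(line)
        if event.get("parent") not in EDITOR_PARENTS:
            continue
        indicators = shell_indicators(event.get("cmdline", ""))
        if indicators:
            hits.append((event["cmdline"], indicators))
    return hits

# Constructed sample events (JSON lines); the field names are assumptions.
SAMPLE = [
    '{"parent": "code", "cmdline": "npm test 2>&1"}',
    '{"parent": "code", "cmdline": "git commit -m \\"fix & tidy\\""}',
    '{"parent": "code", "cmdline": "npm test & echo constructed"}',
    '{"parent": "code", "cmdline": "git diff <(echo constructed)"}',
    '{"parent": "bash", "cmdline": "make & wait"}',
]

if __name__ == "__main__":
    for cmdline, indicators in flag_events(SAMPLE):
        print(indicators, cmdline)
```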
