CVE-2025-58370
📋 TL;DR
CVE-2025-58370 is a command injection vulnerability in Roo Code's Bash parameter expansion handling that allows attackers to execute arbitrary commands alongside legitimate ones when the agent is configured with auto-approval. This affects all Roo Code users with versions below 3.26.0 who have enabled auto-approve execution features. Attackers can exploit this by manipulating prompts to inject malicious commands.
💻 Affected Systems
- Roo Code
📦 What is this software?
Roo Code by Roocode
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining shell access, installing malware, exfiltrating sensitive data, and pivoting to other systems.
Likely Case
Limited command execution within the Roo Code agent's context, potentially accessing project files, credentials, or executing unauthorized operations.
If Mitigated
No impact if auto-approve execution is disabled or proper input validation is implemented.
🎯 Exploit Status
Requires ability to influence prompts sent to Roo Code agent, which could be achieved through various attack vectors including compromised dependencies or social engineering.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.26.0
Vendor Advisory: https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-2rm5-cvcm-7592
Restart Required: Yes
Instructions:
1. Update Roo Code to version 3.26.0 or higher.
2. Restart your editor/IDE.
3. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable Auto-Approve Execution
Turn off the auto-approve feature to prevent automatic command execution without user review.
Check Roo Code settings in your editor and disable 'auto-approve execution' or similar features
Restrict Command Types
Configure Roo Code to only execute specific, safe command types and disable shell command execution.
Configure Roo Code to use allow-lists for permitted command types
🧯 If You Can't Patch
- Disable auto-approve execution feature immediately
- Implement strict input validation and sanitization for all prompts sent to Roo Code
🔍 How to Verify
Check if Vulnerable:
Check Roo Code version in your editor/IDE settings. If version is below 3.26.0 and auto-approve execution is enabled, you are vulnerable.
Check Version:
Check within your editor's Roo Code extension settings or run: roo --version (if CLI available)
Verify Fix Applied:
Verify Roo Code version is 3.26.0 or higher and test that command injection attempts are properly blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns
- Multiple commands in single execution
- Suspicious parameter expansion in logs
Network Indicators:
- Unexpected outbound connections from development machines
- Unusual data exfiltration patterns
SIEM Query:
Process execution logs where parent process is Roo Code and command contains suspicious patterns like ${...} or indirect references
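A sketch of the SIEM query and log indicators above as a triage script. This is an added example, not Roo Code's or the advisory's own code. It assumes process-start events exported as one JSON object per line with "parent" and "cmd" fields; those field names and the parent process name "roo-code" are placeholders to adapt to your telemetry.

```python
import json
import re

# Assumption: your EDR/auditd export gives one JSON object per process start
# with "parent" and "cmd" fields; the parent name below is a placeholder.
PARENT_HINT = "roo-code"

SINGLE_QUOTED = re.compile(r"'[^']*'")           # bash does not expand inside '...'
PARAM_EXPANSION = re.compile(r"\$\{[^}]*\}")     # ${...}
INDIRECT_REF = re.compile(r"\$\{![^}]*\}")       # ${!name} indirect reference
SEPARATORS = re.compile(r"(?:;|&&|\|\||\||\n)")  # more than one command per execution

def classify(cmd):
    """Return the list of indicator names that match one command line."""
    visible = SINGLE_QUOTED.sub("''", cmd)  # drop literal single-quoted text
    hits = []
    if INDIRECT_REF.search(visible):
        hits.append("indirect_reference")
    elif PARAM_EXPANSION.search(visible):
        hits.append("parameter_expansion")
    if SEPARATORS.search(visible):
        hits.append("multiple_commands")
    return hits

def scan(lines, parent_hint=PARENT_HINT):
    """Return (cmd, indicators) for flagged executions spawned under parent_hint."""
    findings = []
    for line in lines:
        event = json.loads(line)
        if parent_hint not in event.get("parent", "").lower():
            continue
        hits = classify(event.get("cmd", ""))
        if hits:
            findings.append((event["cmd"], hits))
    return findings

# Constructed sample events, not taken from any real incident.
SAMPLE = [
    '{"parent": "roo-code", "cmd": "git status"}',
    '{"parent": "roo-code", "cmd": "echo ${HOME}"}',
    '{"parent": "roo-code", "cmd": "echo ${!name}"}',
    '{"parent": "roo-code", "cmd": "npm test && npm run build"}',
    "{\"parent\": \"roo-code\", \"cmd\": \"grep '${x}' README.md\"}",
    '{"parent": "bash", "cmd": "echo ${!name}"}',
]

if __name__ == "__main__":
    for cmd, hits in scan(SAMPLE):
        print(hits, cmd)
```

Plain ${VAR} expansions and && chains are common in legitimate developer commands, so treat the output as a triage list to review rather than a verdict; separators inside double-quoted strings are also flagged.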