CVE-2025-65946

8.1 HIGH

📋 TL;DR

CVE-2025-65946 is a command injection vulnerability in Roo Code AI coding agent versions before 3.26.7. Due to improper validation, Roo could automatically execute commands not on its allow list, potentially allowing arbitrary code execution. This affects all users of vulnerable Roo Code versions.

💻 Affected Systems

Products:
  • Roo Code
Versions: All versions before 3.26.7
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the core command validation logic, affecting all standard installations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could achieve remote code execution with the privileges of the Roo Code process, potentially leading to full system compromise, data theft, or lateral movement.

🟠 Likely Case

Malicious actors could execute arbitrary commands on affected systems, potentially installing malware, exfiltrating sensitive data, or disrupting development workflows.

🟢 If Mitigated

With proper network segmentation and least privilege principles, impact could be limited to the isolated development environment.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires triggering Roo's command execution feature with malicious input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.26.7

Vendor Advisory: https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-hwm7-w97p-4h8p

Restart Required: Yes

Instructions:

1. Update Roo Code to version 3.26.7 or later via your package manager or editor extension marketplace.
2. Restart your editor/IDE.
3. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable Roo Code

all

Temporarily disable the Roo Code extension/plugin until patching is possible.

# For VS Code: code --disable-extension roo.roo-code
# For other editors: disable via extension manager

Restrict Roo Permissions

all

Run Roo Code with minimal privileges and restrict its access to sensitive directories.

# Run editor with limited user account
# Use OS-level sandboxing tools

🧯 If You Can't Patch

  • Disable Roo Code entirely until patching is possible.
  • Isolate development systems from production networks and sensitive data.

🔍 How to Verify

Check if Vulnerable:

Check Roo Code version in your editor's extension manager or via command line: roo --version

Check Version:

roo --version

Verify Fix Applied:

Confirm version is 3.26.7 or higher and test that Roo only executes allowed commands.
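
The version check above can be scripted for VS Code installs. This is an added example, not code from the vendor advisory or from Roo Code: it reads the `publisher.name@version` lines printed by `code --list-extensions --show-versions` and compares the installed version with 3.26.7. The function names are hypothetical, the extension ID is the one written on this page (confirm it against your own listing), and `sort -V` is assumed to be available.

```shell
#!/bin/sh
# Fixed release named in the advisory above.
FIXED_VERSION="3.26.7"

# version_lt A B: succeeds when version A sorts strictly before version B.
# sort -V compares dotted fields numerically, so 3.26.10 sorts after 3.26.7.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# roo_status EXT_ID: reads an extension listing on stdin and prints one of
#   not-installed | vulnerable <version> | patched <version>
roo_status() {
    ext_id=$1
    # Extension IDs are matched case-insensitively; the first match wins.
    ver=$(awk -F@ -v id="$ext_id" 'tolower($1) == tolower(id) { print $2; exit }')
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "patched $ver"
    fi
}

# Constructed sample listing (not real output), using this page's extension ID.
SAMPLE='ms-python.python@2025.1.0
roo.roo-code@3.26.6'
printf '%s\n' "$SAMPLE" | roo_status "roo.roo-code"

# On a real workstation (assumes the VS Code CLI is on PATH):
#   code --list-extensions --show-versions | roo_status "roo.roo-code"
```

A `not-installed` result only means the given ID did not appear in the listing, so check the ID before treating a host as unaffected.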

📡 Detection & Monitoring

Log Indicators:

  • Unexpected command execution by Roo Code process
  • Commands with unusual arguments or paths
  • Roo Code process spawning unexpected child processes

Network Indicators:

  • Roo Code process making unexpected network connections
  • Outbound connections to suspicious domains/IPs

SIEM Query:

process_name:"roo" AND (command_line:* OR parent_process:editor*)
