{"data":{"id":"852b6fbf-5114-4105-8d89-2d6b1448bb9a","title":"CVE-2025-53536: Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had \"Write\" auto-approved, an attacker","summary":"Roo Code is an AI tool that can write code automatically. Before version 3.22.6, if a user had auto-approved write permissions, an attacker could send prompts to the agent that would modify VS Code settings files (configuration files that control how the editor works) and run malicious code on the user's computer. For example, an attacker could change a PHP validation setting to point to a harmful command, then create a PHP file to execute it.","solution":"Update Roo Code to version 3.22.6 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-53536","publishedAt":"2025-07-07T18:15:28.980Z","cveId":"CVE-2025-53536","cweIds":["CWE-552"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Roo Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00192,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}