{"data":{"id":"9db1ae91-ec37-4095-84ee-1549c6a187f1","title":"CVE-2025-53097: Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to limit it to the workspace.","summary":"Roo Code, an AI agent that writes code automatically, had a vulnerability (CVE-2025-53097) in versions before 3.20.3 where its file search tool ignored settings that should have blocked it from reading files outside the VS Code workspace (the folder a user is working in). An attacker could use prompt injection (tricking the AI by hiding instructions in its input) to make the agent read sensitive files and send that information over the network without user permission, though this attack required the attacker to already control what prompts the agent receives.","solution":"Upgrade to version 3.20.3 or later. According to the source, \"Version 3.20.3 fixed the issue where `search_files` did not respect the setting to limit it to the workspace.\"","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-53097","publishedAt":"2025-06-27T22:15:25.803Z","cveId":"CVE-2025-53097","cweIds":["CWE-74"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Roo Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00056,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}