CVE-2025-53536: Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker
highvulnerability
security
Summary
Roo Code is an AI tool that can write code automatically. Before version 3.22.6, if a user had auto-approved write permissions, an attacker could send prompts to the agent that would modify VS Code settings files (configuration files that control how the editor works) and run malicious code on the user's computer. For example, an attacker could change a PHP validation setting to point to a harmful command, then create a PHP file to execute it.
Solution / Mitigation
Update Roo Code to version 3.22.6 or later, where this vulnerability is fixed.
Vulnerability Details
CVSS Score
8.1(high)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
AI Component TargetedAgent
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-53536
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 92%