CVE-2025-53097: Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent'
Summary
Roo Code, an AI agent that writes code automatically, had a vulnerability (CVE-2025-53097) in versions before 3.20.3 where its file search tool ignored settings that should have blocked it from reading files outside the VS Code workspace (the folder a user is working in). An attacker could use prompt injection (tricking the AI by hiding instructions in its input) to make the agent read sensitive files and send that information over the network without user permission, though this attack required the attacker to already control what prompts the agent receives.
Solution / Mitigation
Upgrade to version 3.20.3 or later. According to the source, "Version 3.20.3 fixed the issue where `search_files` did not respect the setting to limit it to the workspace."
Vulnerability Details
5.9(medium)
EPSS: 0.1%
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-53097
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 92%