CVE-2025-57771: Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fa
Summary
Roo Code is an AI coding agent that writes code automatically inside the user's editor. Versions before 3.25.5 have a bug in how the agent parses the shell commands it is about to run (the instructions telling the computer what to do). Because of that parsing flaw, an attacker could hide additional harmful commands inside a prompt and have the AI execute them alongside the expected command. The attack only works when the user has enabled auto-approved command execution, a risky setting that is off by default.
Solution / Mitigation
Update to version 3.25.5, where the issue is fixed.
Vulnerability Details
Severity score: 8.1 (High)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-57771
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%