CVE-2025-57771: Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fa
Summary
Roo Code is an AI tool that automatically writes code inside text editors, but versions before 3.25.5 have a bug in how they parse commands (the instructions telling a computer what to do). An attacker could trick the AI into running extra harmful commands by hiding them in prompts if the user had enabled auto-approved command execution, a risky setting that is off by default.
Solution / Mitigation
Update to version 3.25.5, where the issue is fixed.
Vulnerability Details
8.1(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-57771
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%