Security Vulnerability Report
CVE-2025-65946 CVSS 8.1 HIGH

CVE-2025-65946

Published: 2025-11-21 23:15:45
Last Modified: 2025-12-04 16:02:40

Description

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:roocode:roo_code:*:*:*:*:*:*:*:* - VULNERABLE
Roo Code < 3.26.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# PoC for CVE-2025-65946
# Construct a malicious command intended to bypass allow-list prefix validation
payload = {
    'command': 'malicious_command_with_bypass_characters',
    'session_id': 'target_session'
}
response = requests.post('http://target:port/execute', json=payload)
print(response.json())

References

https://github.com/RooCodeInc/Roo-Code/commit/b50104cc5987ce64f5154309d967ae8c74cfd1f3 (Patch)
https://github.com/RooCodeInc/Roo-Code/pull/7667 (Issue Tracking)
https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-hwm7-w97p-4h8p (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-65946",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-21T23:15:45.170",
    "lastModified": "2025-12-04T16:02:39.733",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-20"},
          {"lang": "en", "value": "CWE-77"}
        ]
      },
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-77"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:roocode:roo_code:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "3.26.7",
                "matchCriteriaId": "4BCA2678-F80F-4370-9C08-59C3FAA651DC"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/RooCodeInc/Roo-Code/commit/b50104cc5987ce64f5154309d967ae8c74cfd1f3",
        "source": "[email protected]",
        "tags": ["Patch"]
      },
      {
        "url": "https://github.com/RooCodeInc/Roo-Code/pull/7667",
        "source": "[email protected]",
        "tags": ["Issue Tracking"]
      },
      {
        "url": "https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-hwm7-w97p-4h8p",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}