CVE-2025-53536
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-09-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| roocode | roo_code | to 3.22.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Roo Code, an AI-powered autonomous coding agent, allows an attacker who can submit prompts to the agent to write arbitrary data to Visual Studio Code settings files if the user has enabled "Write" auto-approval. Specifically, the attacker can modify settings like php.validate.executablePath to point to an arbitrary command, then create a PHP file that triggers execution of that command, resulting in remote code execution. This issue affects versions prior to 3.22.6 and requires the attacker to have prompt submission capability and the victim to have auto-approved writes enabled. [2]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to remote code execution on your system without requiring any privileges or user interaction. An attacker could run arbitrary commands by modifying VS Code settings files and triggering those commands, potentially compromising confidentiality, integrity, and availability of your system and data. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the Roo Code agent version is prior to 3.22.6 and if the 'Write' auto-approval feature is enabled. Additionally, monitoring for unauthorized writes to the '.vscode/settings.json' file or other files within the '.vscode/' directory can indicate exploitation attempts. Since the vulnerability involves writing to VS Code settings files, you can check for recent modifications to these files. For example, on a system with access to the VS Code workspace, you can run commands like 'stat .vscode/settings.json' to check modification times or 'git diff' if the workspace is under version control to detect unexpected changes. Network detection is more complex due to the nature of prompt submission, but monitoring logs for unusual prompt submissions to the Roo Code agent or unexpected code execution events related to PHP validation could help. However, no specific detection commands are provided in the resources. [2, 1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Roo Code to version 3.22.6 or later, where the vulnerability is fixed by adding the '.vscode/' directory to the list of write-protected files, preventing unauthorized writes to VS Code settings files. Additionally, ensure that the 'Write' auto-approval feature is disabled unless explicitly required and carefully controlled. If upgrading immediately is not possible, manually restrict write permissions to the '.vscode/' directory and monitor for unauthorized changes. Applying the security patches from the commits that add write protection and approval checks for protected files will also mitigate the risk. [2, 1, 3]