exploitDog

CVE-2025-65946

Опубликовано: 21 нояб. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7.

Ссылки

https://github.com/RooCodeInc/Roo-Code/commit/b50104cc5987ce64f5154309d967ae8c74cfd1f3
Patch
https://github.com/RooCodeInc/Roo-Code/pull/7667
Issue Tracking
https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-hwm7-w97p-4h8p
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:roocode:roo_code:*:*:*:*:*:*:*:*

Версия до 3.26.7 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

8.1 High

CVSS3

Дефекты

CWE-20

CWE-77

EPSS

Процентиль: 38%

0.00168

Низкий

8.1 High

CVSS3

Дефекты

CWE-20

CWE-77