Skip to main content

CVE-2025-54377: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RooCodeInc Roo-Code

High
VulnerabilityCVE-2025-54377cvecve-2025-54377cwe-77
Published: Wed Jul 23 2025 (07/23/2025, 20:36:01 UTC)
Source: CVE Database V5
Vendor/Project: RooCodeInc
Product: Roo-Code

Description

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent multi-line command injection. When commands are evaluated for execution, only the first line or token may be considered, enabling attackers to smuggle additional commands in subsequent lines. This is fixed in version 3.23.19.

AI-Powered Analysis

AILast updated: 07/23/2025, 21:02:40 UTC

Technical Analysis

CVE-2025-54377 is a high-severity command injection vulnerability affecting RooCodeInc's Roo-Code product, specifically versions prior to 3.23.19. Roo-Code is an AI-powered autonomous coding agent integrated into users' code editors to assist with programming tasks. The vulnerability arises from improper neutralization of special elements used in commands, classified under CWE-77. The root cause is the lack of validation or parsing logic to handle line breaks (\n) in command inputs. The allow-list mechanism intended to restrict commands can be bypassed because only the first line or token of a command is evaluated for execution, while subsequent lines are ignored by the validation but executed by the system. This allows an attacker with limited privileges (local access and low privileges) to inject additional malicious commands by smuggling them in subsequent lines, leading to arbitrary command execution. The CVSS 3.1 score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the potential for privilege escalation, data compromise, or system disruption. The issue is resolved in version 3.23.19, which implements proper validation to prevent multi-line command injection.

Potential Impact

For European organizations, this vulnerability could lead to severe consequences if exploited. Since Roo-Code operates within developers' editors, a successful command injection could allow attackers to execute arbitrary commands on developer machines, potentially leading to theft of sensitive intellectual property, insertion of malicious code into software projects, or disruption of development workflows. This can compromise the integrity of software supply chains, a critical concern for European industries reliant on secure and trustworthy software development. Additionally, the breach of developer environments could serve as a foothold for lateral movement within corporate networks, threatening broader IT infrastructure. The impact extends to confidentiality (exposure of proprietary code and credentials), integrity (tampering with source code), and availability (disruption of development tools). Given the high CVSS score and the nature of the vulnerability, organizations using vulnerable Roo-Code versions must consider this a high-risk threat to their software development lifecycle security.

Mitigation Recommendations

European organizations should immediately verify the Roo-Code version deployed in their development environments and upgrade to version 3.23.19 or later, where the vulnerability is patched. Beyond patching, organizations should enforce strict access controls to limit local user privileges on developer machines, minimizing the risk of exploitation by low-privilege users. Implementing application whitelisting and sandboxing for development tools can further contain potential command injection attempts. Monitoring and logging command execution within developer environments can help detect anomalous activities indicative of exploitation attempts. Additionally, organizations should educate developers about the risks of command injection and encourage cautious use of AI coding assistants, especially those that execute commands. Integrating static and dynamic code analysis tools to detect suspicious code changes can help identify tampering resulting from exploitation. Finally, organizations should maintain an inventory of all AI-powered development tools and ensure timely updates to mitigate emerging vulnerabilities.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-21T16:12:20.733Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68814a71ad5a09ad0027be01

Added to database: 7/23/2025, 8:47:45 PM

Last enriched: 7/23/2025, 9:02:40 PM

Last updated: 7/25/2025, 12:56:38 AM

Views: 6

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats