
CVE-2025-58370: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in RooCodeInc Roo-Code

Severity: High
Tags: Vulnerability, CVE-2025-58370, cve, cve-2025-58370, cwe-78
Published: Fri Sep 05 2025 (09/05/2025, 22:09:04 UTC)
Source: CVE Database V5
Vendor/Project: RooCodeInc
Product: Roo-Code

Description

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one. This is fixed in version 3.26.0.

AI-Powered Analysis

Last updated: 09/05/2025, 22:42:37 UTC

Technical Analysis

CVE-2025-58370 is a high-severity OS command injection vulnerability affecting Roo-Code, an AI-powered autonomous coding agent integrated into users' code editors. The vulnerability exists in versions prior to 3.26.0 due to improper handling of Bash parameter expansion and indirect references within the command parsing logic. Specifically, when the agent is configured to auto-approve execution of certain commands, an attacker who can influence the prompts given to the agent can exploit this flaw to inject and execute arbitrary OS commands alongside the intended commands. This improper neutralization of special elements (CWE-78) allows an attacker to escalate their control from influencing prompts to executing unauthorized commands on the host system without requiring user interaction or privileges. The vulnerability has a CVSS 3.1 score of 8.1, reflecting its high impact on confidentiality, integrity, and availability, with network attack vector, no privileges required, and no user interaction needed. Although no known exploits are currently reported in the wild, the nature of the vulnerability and the widespread use of Roo-Code in development environments make it a critical concern. The issue was addressed and fixed in Roo-Code version 3.26.0 by correcting the command parsing logic to properly handle Bash expansions and indirect references, preventing injection of unintended commands.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for software development teams and enterprises relying on Roo-Code for coding automation. Successful exploitation could lead to arbitrary command execution on developers' machines or build servers, potentially compromising sensitive source code, intellectual property, and internal systems. The attacker could execute commands that exfiltrate data, install malware, or pivot within the network. Given that the vulnerability requires no privileges or user interaction, it could be exploited remotely if an attacker can influence the input prompts, for example via compromised code repositories, malicious dependencies, or social engineering targeting developers. This could disrupt development workflows, cause data breaches, and impact the integrity of software supply chains. Additionally, the availability of build and deployment infrastructure could be affected, leading to operational downtime. The high CVSS score underscores the criticality of timely remediation to prevent potential widespread impact across European tech sectors.

Mitigation Recommendations

European organizations should immediately audit their use of Roo-Code and identify any installations running versions below 3.26.0. The primary mitigation is to upgrade Roo-Code to version 3.26.0 or later, which contains the fix for this vulnerability. Until upgrades are completed, organizations should disable any auto-approval features for command execution within Roo-Code to prevent automatic execution of potentially malicious commands. Implement strict input validation and sanitization on any prompts or inputs that influence the agent's behavior. Employ network segmentation and endpoint protection to limit the impact of any successful exploitation. Monitoring and logging of command execution by Roo-Code agents should be enhanced to detect anomalous activities. Additionally, educate developers about the risks of accepting untrusted inputs or prompts and encourage verification of code dependencies and third-party inputs. Finally, integrate Roo-Code usage policies into the organization's secure development lifecycle to ensure continuous security assessment.
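A fail-closed gate in front of an auto-approve allowlist, as an added example (not Roo Code's own code and not its 3.26.0 fix): any command whose text the shell would rewrite at run time is sent to the user instead of being approved. The allowlist entries, function names and sample commands are constructed; beyond the parameter expansion and indirect reference the advisory names, the gate also treats command substitution and chaining as reasons to ask.

```javascript
// Constructed allowlist: commands the operator is willing to auto-approve.
const ALLOWED_PREFIXES = ["git status", "git log", "npm test"];

// Constructs that make the shell compute part of the command at run time,
// so the text matched against the allowlist is not what finally executes.
const DYNAMIC_CONSTRUCTS = [
  { name: "indirect reference ${!name}", re: /\$\{!/ },
  { name: "parameter expansion ${...}", re: /\$\{/ },
  { name: "variable expansion $name", re: /\$[A-Za-z_@*#?!$0-9-]/ },
  { name: "command substitution $(...)", re: /\$\(/ },
  { name: "backtick substitution", re: /`/ },
  { name: "command chaining or redirection", re: /[;&|<>\n]/ },
];

// Returns the names of every dynamic construct present in the command text.
// Deliberately ignores quoting: a '$x' inside single quotes is also flagged,
// because guessing the shell's quoting rules is where parsers go wrong.
function findDynamicConstructs(command) {
  return DYNAMIC_CONSTRUCTS.filter((c) => c.re.test(command)).map((c) => c.name);
}

// Decide whether a proposed command may run without a human in the loop.
function decide(command) {
  const trimmed = command.trim();
  const reasons = findDynamicConstructs(trimmed);
  if (reasons.length > 0) {
    return { action: "ask-user", reasons };
  }
  // Match whole words only, so "git statusx" does not ride on "git status".
  const allowed = ALLOWED_PREFIXES.some(
    (p) => trimmed === p || trimmed.startsWith(p + " ")
  );
  return allowed
    ? { action: "auto-approve", reasons: [] }
    : { action: "ask-user", reasons: ["not on allowlist"] };
}

// Constructed sample commands, printed with the decision for each.
for (const cmd of ["git status", "git log --oneline -5", "git log ${BRANCH}",
                   "git log ${!ref}", "npm test; ls", "git statusx"]) {
  const d = decide(cmd);
  console.log(`${d.action.padEnd(12)} ${cmd}  ${d.reasons.join(", ")}`);
}
```

The gate over-blocks by design; a command that is refused here is still available to the user through manual approval.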


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-29T16:19:59.012Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68bb63db535f4a977319b0e8

Added to database: 9/5/2025, 10:27:39 PM

Last enriched: 9/5/2025, 10:42:37 PM

Last updated: 9/5/2025, 11:45:21 PM
