CVE-2025-58370 is a high-severity OS command injection vulnerability affecting RooCodeInc's Roo-Code product, specifically versions prior to 3.26.0. Roo-Code is an AI-powered autonomous coding agent integrated within users' code editors to assist with coding tasks. The vulnerability arises from improper handling of Bash parameter expansion and indirect references in the command parsing logic. When the agent is configured to auto-approve execution of certain commands, an attacker who can influence the prompts given to the agent can exploit this flaw to inject and execute arbitrary OS commands alongside the intended commands. This means that an attacker could escalate their control beyond the expected command scope, potentially executing malicious commands on the host system without requiring user interaction or authentication. The vulnerability is classified under CWE-78, indicating improper neutralization of special elements used in OS commands. The CVSS v3.1 base score is 8.1, reflecting a high severity due to the network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the flaw represents a significant risk, especially in environments where Roo-Code is used with auto-approval enabled. The issue is resolved in version 3.26.0 of Roo-Code, and users are strongly advised to upgrade to this or later versions to mitigate the risk.

For European organizations, this vulnerability poses a substantial risk, particularly for software development teams and enterprises relying on Roo-Code for coding automation. Successful exploitation could lead to unauthorized command execution on developers' machines or build servers, potentially compromising sensitive source code, intellectual property, and internal infrastructure. The breach of confidentiality could expose proprietary code or credentials, while integrity and availability impacts could disrupt development pipelines or introduce malicious code into production environments. Given the autonomous nature of the agent and the lack of required user interaction or privileges, attackers could leverage this vulnerability to establish persistent footholds or pivot within corporate networks. Organizations in sectors with high reliance on software development, such as finance, telecommunications, and critical infrastructure, may face increased risks of espionage, sabotage, or data leakage. Furthermore, the vulnerability could be exploited as an initial access vector in broader cyberattack campaigns targeting European enterprises.

To mitigate this vulnerability effectively, European organizations should: 1) Immediately upgrade all Roo-Code instances to version 3.26.0 or later, where the command parsing flaw is fixed. 2) Review and disable any auto-approval settings for command execution within Roo-Code to reduce the risk of automated exploitation. 3) Implement strict input validation and sanitization on any user-generated prompts or inputs that interact with Roo-Code to prevent injection of malicious commands. 4) Monitor logs and command execution histories for unusual or unexpected commands that could indicate exploitation attempts. 5) Employ endpoint detection and response (EDR) solutions to detect anomalous process executions stemming from Roo-Code. 6) Enforce the principle of least privilege on developer workstations and build servers to limit the impact of any successful command injection. 7) Conduct security awareness training for developers to recognize suspicious behaviors related to autonomous coding agents. 8) Integrate Roo-Code usage monitoring into existing security information and event management (SIEM) systems for real-time alerting. These targeted measures go beyond generic patching and help reduce the attack surface and detect potential exploitation attempts.