CVE-2025-58371: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in RooCodeInc Roo-Code
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner. The workflow runs with broad permissions and access to repository secrets. It is possible for an attacker to execute arbitrary commands on the runner, push or modify code in the repository, access secrets, and create malicious releases or packages, resulting in a complete compromise of the repository and its associated services. This is fixed in version 3.26.7.
AI Analysis
Technical Summary
CVE-2025-58371 is a critical OS Command Injection vulnerability (CWE-78) affecting RooCodeInc's Roo-Code product, specifically versions prior to 3.26.7. Roo-Code is an AI-powered autonomous coding agent integrated into users' code editors. The vulnerability arises from a GitHub Actions workflow that processes pull request metadata without proper sanitization in a privileged context. This unsanitized input can be manipulated by an attacker to inject arbitrary OS commands, leading to Remote Code Execution (RCE) on the GitHub Actions runner. The workflow operates with broad permissions, including access to repository secrets, enabling an attacker to execute arbitrary commands on the runner, modify or push code to the repository, access sensitive secrets, and create malicious releases or packages. Such capabilities can result in a complete compromise of the repository and its associated services. The vulnerability does not require authentication or user interaction, making it highly exploitable remotely. The CVSS v4.0 score is 9.9 (critical), reflecting the high impact on confidentiality, integrity, and availability, as well as the ease of exploitation. The issue was reserved on August 29, 2025, and published on September 5, 2025, with a fix introduced in version 3.26.7 of Roo-Code. No known exploits in the wild have been reported yet. This vulnerability highlights the risks of insufficient input validation in CI/CD workflows, especially when workflows run with elevated privileges and access sensitive data such as repository secrets.
Potential Impact
For European organizations using Roo-Code versions below 3.26.7, this vulnerability poses a severe risk. Exploitation can lead to full compromise of code repositories, including unauthorized code changes, injection of malicious code, and exposure of sensitive secrets such as API keys, credentials, and tokens. This can undermine software supply chain integrity, leading to downstream compromise of applications deployed in production. The ability to create malicious releases or packages can facilitate widespread malware distribution or backdoors. Given the reliance on CI/CD pipelines in modern European software development, the impact extends beyond individual projects to potentially critical infrastructure and services. Confidentiality breaches may expose intellectual property and customer data, while integrity violations can disrupt business operations and damage trust. Availability may also be affected if attackers disrupt workflows or delete repositories. The lack of authentication or user interaction requirements increases the risk of automated exploitation attempts, making timely patching essential.
Mitigation Recommendations
European organizations should immediately upgrade Roo-Code to version 3.26.7 or later to remediate this vulnerability. Additionally, organizations should audit their GitHub Actions workflows to ensure that all inputs, especially those derived from external sources like pull request metadata, are properly sanitized and validated before use in privileged contexts. Restrict permissions of GitHub Actions workflows to the minimum necessary, avoiding broad access to repository secrets unless absolutely required. Implement secrets management best practices such as using environment-specific secrets and rotating them regularly. Monitor CI/CD pipeline logs for unusual activity or unexpected command executions. Employ network segmentation and runner isolation to limit the blast radius of potential compromises. Consider implementing runtime detection mechanisms to identify anomalous behavior in CI/CD environments. Finally, educate development teams about the risks of unsanitized inputs in automation workflows and enforce secure coding and DevSecOps practices.
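As an added example, not Roo-Code's workflow and not part of the advisory, the constructed snippets below show the CWE-78 pattern the advisory describes (a pull request field expanded straight into a `run:` step under write-all permissions) next to the hardened form, plus a small audit that flags such expansions in any workflow file. The sample workflows, the list of untrusted event fields and the function name are assumptions; the audit is line-based and does not replace a full YAML parse.

```python
import re
# Event fields an outside contributor controls (PR title/body, branch name, issue
# and comment text); expanding them in `run:` hands attacker text to the shell.
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:event\.(?:pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|issue\.(?:title|body)|comment\.body|review\.body)|head_ref)\s*\}\}")
RUN_KEY = re.compile(r"^(-\s+)?run:")
# Constructed sample, not Roo-Code's real workflow: the expression is expanded
# into the shell command line and the job holds write-all permissions.
WEAK = """\
on: pull_request_target
permissions: write-all
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - run: echo "PR title: ${{ github.event.pull_request.title }}"
"""
# Same step hardened: the value reaches the shell as a quoted environment
# variable (data, not command text) and permissions are cut to what is needed.
HARDENED = """\
on: pull_request_target
permissions:
  pull-requests: write
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR title: $PR_TITLE"
"""

def find_injection_sinks(workflow: str) -> list[tuple[int, str]]:
    """(line_no, expression) for each untrusted expression expanded inside run:."""
    findings, in_run, run_indent = [], False, -1
    for no, line in enumerate(workflow.splitlines(), 1):
        body = line.lstrip()
        if not body:
            continue  # blank lines may sit inside a block scalar
        indent = len(line) - len(body)
        if in_run and indent <= run_indent:
            in_run = False  # the run: scalar ended
        m = RUN_KEY.match(body)
        if m:  # "- run:" puts the key to the right of the dash
            in_run, run_indent = True, indent + len(m.group(1) or "")
        if in_run:
            findings += [(no, x.group(0)) for x in UNTRUSTED.finditer(line)]
    return findings
```

Running the audit over every file under `.github/workflows/` gives a quick first pass for the "sanitize before privileged use" recommendation above; an empty result for a workflow does not by itself prove it safe.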
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-29T16:19:59.012Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68bb6ae1535f4a977319deb1
Added to database: 9/5/2025, 10:57:37 PM
Last enriched: 9/12/2025, 11:54:47 PM
Last updated: 10/21/2025, 12:19:19 AM