
CVE-2025-58371: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in RooCodeInc Roo-Code

Severity: Critical
Tags: Vulnerability, CVE-2025-58371, cve, cve-2025-58371, cwe-78
Published: Fri Sep 05 2025 (09/05/2025, 22:42:59 UTC)
Source: CVE Database V5
Vendor/Project: RooCodeInc
Product: Roo-Code

Description

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner. The workflow runs with broad permissions and access to repository secrets. It is possible for an attacker to execute arbitrary commands on the runner, push or modify code in the repository, access secrets, and create malicious releases or packages, resulting in a complete compromise of the repository and its associated services. This is fixed in version 3.26.7.

AI-Powered Analysis

Last updated: 09/05/2025, 23:12:36 UTC

Technical Analysis

CVE-2025-58371 is a critical security vulnerability identified in RooCodeInc's product Roo-Code, specifically affecting versions 3.26.6 and earlier. Roo-Code is an AI-powered autonomous coding agent integrated within users' code editors. The vulnerability arises from improper neutralization of special elements used in an OS command (CWE-78), specifically within a GitHub workflow that processes pull request metadata without adequate sanitization. This workflow operates in a privileged context on the GitHub Actions runner, which has broad permissions including access to repository secrets. An attacker can exploit this flaw by crafting malicious pull request metadata that gets executed as an OS command on the runner, leading to Remote Code Execution (RCE). The consequences of successful exploitation are severe: attackers can execute arbitrary commands on the runner, modify or push code to the repository, access sensitive secrets, and create malicious releases or packages. This results in a complete compromise of the repository and its associated services, potentially affecting the integrity, confidentiality, and availability of the development environment and downstream deployments. The vulnerability has a CVSS 4.0 base score of 9.9, reflecting its critical severity, with characteristics including network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. The issue was publicly disclosed on September 5, 2025, and fixed in version 3.26.7 of Roo-Code. No known exploits in the wild have been reported yet, but the high severity and ease of exploitation make it a significant threat to organizations using affected versions.

Potential Impact

For European organizations, the impact of CVE-2025-58371 is substantial. Many European software development teams and enterprises rely on GitHub Actions and integrated coding tools like Roo-Code to automate workflows and enhance productivity. Exploitation of this vulnerability could lead to unauthorized code changes, insertion of backdoors or malicious code, theft of sensitive intellectual property, and exposure of confidential repository secrets such as API keys, credentials, or tokens. This could further cascade into supply chain attacks affecting downstream users and customers. The compromise of CI/CD pipelines undermines trust in software integrity and can cause operational disruptions. Additionally, regulatory frameworks such as GDPR impose strict requirements on data protection; a breach resulting from this vulnerability could lead to legal penalties and reputational damage. The ability to execute commands remotely without authentication or user interaction increases the risk of widespread automated attacks targeting European development environments, potentially affecting sectors with high software dependency such as finance, manufacturing, and government.

Mitigation Recommendations

European organizations should immediately upgrade Roo-Code to version 3.26.7 or later to remediate this vulnerability. Until the upgrade is applied, organizations should consider disabling or restricting the affected GitHub workflows that process pull request metadata, especially those running with broad permissions or access to secrets. Implement strict input validation and sanitization on all user-supplied data in CI/CD workflows. Limit the permissions of GitHub Actions runners and workflows by adopting the principle of least privilege, ensuring workflows do not have unnecessary access to repository secrets or write permissions unless absolutely required. Employ repository secret scanning and monitoring to detect potential leaks. Use ephemeral runners or isolated environments for executing workflows to reduce the blast radius of a compromise. Regularly audit and monitor CI/CD pipeline logs for unusual activity indicative of exploitation attempts. Finally, educate development teams about the risks of integrating third-party tools and the importance of timely patching.
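The workflow audit recommended above can be partly automated. The following is an added example, not code from this page or from the Roo-Code project: a standard-library Python check that flags pull request metadata expanded directly inside a `run:` script, which is the pattern behind this class of workflow command injection. The function name `audit`, the list of untrusted contexts (a common subset) and both sample workflows are assumptions constructed for illustration.

```python
import re

EXPR = re.compile(r"\$\{\{(.*?)\}\}")
# Contexts a pull request author controls (a common subset, not exhaustive).
UNTRUSTED = re.compile(r"github\.(head_ref|event\.pull_request\.(title|body|head\.(ref|label)))\b")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def audit(workflow_text):
    """Return (line, expression) for PR metadata expanded inside run: scripts."""
    findings, block_indent = [], None
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        script, m = None, RUN_KEY.match(line)
        if m:
            key_col, value = len(m.group(1)), m.group(2)
            if value[:1] in ("|", ">"):      # block scalar: script is on later lines
                block_indent = key_col
            else:
                block_indent, script = None, value
        elif block_indent is not None:
            if line.strip() and len(line) - len(line.lstrip()) <= block_indent:
                block_indent = None           # dedent ends the script
            else:
                script = line
        for expr in EXPR.findall(script or ""):
            if UNTRUSTED.search(expr):
                findings.append((number, expr.strip()))
    return findings

# Constructed samples, not the Roo-Code workflow.
VULNERABLE = """\
on: pull_request_target
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "PR: ${{ github.event.pull_request.title }}"
          echo "branch ${{ github.head_ref }}"
"""
HARDENED = """\
on: pull_request_target
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR: $PR_TITLE"
"""
```

The hardened sample passes the title through an `env:` mapping and reads it as a quoted shell variable, so the runner never pastes the attacker-controlled text into the script body before the shell parses it.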


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-29T16:19:59.012Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68bb6ae1535f4a977319deb1

Added to database: 9/5/2025, 10:57:37 PM

Last enriched: 9/5/2025, 11:12:36 PM

Last updated: 9/6/2025, 1:01:47 AM
