CVE-2025-58373 is a medium-severity vulnerability affecting Roo-Code, an AI-powered autonomous coding agent integrated into users' code editors, developed by RooCodeInc. The vulnerability exists in versions prior to 3.26.0 and involves improper link resolution before file access, classified under CWE-59 (Improper Link Resolution Before File Access or 'Link Following'). Specifically, the issue arises because the .rooignore file protections, which are intended to exclude certain files or directories from being accessed or processed by the extension, can be bypassed through the use of symbolic links (symlinks). An attacker who has write access to the user's workspace can create symlinks that point to sensitive files such as .env files or configuration files that were meant to be excluded by the .rooignore rules. When the Roo-Code extension follows these symlinks, it inadvertently reads and exposes the contents of these sensitive files. This exposure can lead to unauthorized disclosure of secrets, configuration details, or other sensitive project data. The vulnerability requires that the attacker already have write permissions within the workspace, but does not require any privileges beyond that, nor does it require authentication or elevated privileges within the system. The CVSS v3.1 base score is 5.5 (medium severity), with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), high impact on confidentiality (C:H), no impact on integrity (I:N), and no impact on availability (A:N). There are no known exploits in the wild as of the published date, and the issue is fixed in version 3.26.0 of Roo-Code. This vulnerability highlights the risks of symlink attacks in development environments where extensions or tools do not properly validate or restrict file access when following symbolic links, especially in contexts where sensitive configuration or secret files are present.

For European organizations, this vulnerability poses a risk primarily to software development teams and environments that use Roo-Code versions prior to 3.26.0. The exposure of sensitive files such as .env or configuration files can lead to leakage of secrets like API keys, database credentials, or other confidential configuration parameters. Such leakage could facilitate further attacks, including unauthorized access to backend systems, data breaches, or lateral movement within the organization’s infrastructure. Since the vulnerability requires write access to the workspace, the threat is most relevant in scenarios where an attacker can already modify project files, such as compromised developer machines, insider threats, or through supply chain attacks that inject malicious code or symlinks into repositories. The impact on confidentiality is high, but there is no direct impact on integrity or availability. European organizations with strict data protection regulations (e.g., GDPR) could face compliance risks if sensitive personal data or credentials are exposed due to this vulnerability. Additionally, organizations relying on Roo-Code for secure development workflows may experience erosion of trust and potential operational disruptions if secrets are leaked and exploited.

1. Upgrade Roo-Code to version 3.26.0 or later immediately to ensure the vulnerability is patched. 2. Restrict write permissions in development workspaces to trusted users only, minimizing the risk that an attacker can create malicious symlinks. 3. Implement workspace monitoring to detect creation of unexpected symbolic links, especially those pointing outside the intended project directories or to sensitive files. 4. Use additional secret management solutions that do not rely solely on .env or local configuration files, such as environment variables injected at runtime or dedicated secret vaults, to reduce the risk of secret exposure. 5. Educate developers and DevOps teams about the risks of symlink attacks and the importance of verifying the integrity of workspace files and extensions. 6. Employ file system access controls or sandboxing mechanisms to limit the ability of extensions to follow symlinks outside designated safe directories. 7. Conduct regular security audits of development environments and code editor extensions to identify and remediate similar risks proactively.