CVE-2025-58374: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in RooCodeInc Roo-Code
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle scripts, if a repository’s package.json file contains a malicious postinstall script, it would be executed automatically without user approval. This means that enabling auto-approved commands and opening a malicious repo could result in arbitrary code execution. This is fixed in version 3.26.0.
AI Analysis
Technical Summary
CVE-2025-58374 is a high-severity OS command injection vulnerability affecting RooCodeInc's Roo-Code product, versions prior to 3.26.0. Roo-Code is an AI-powered autonomous coding agent integrated into users' code editors to assist with development tasks. The vulnerability arises from the product's handling of auto-approved commands, specifically the inclusion of 'npm install' in the default allowed commands list when auto-approve is enabled. The 'npm install' command executes lifecycle scripts defined in a repository's package.json file, including potentially malicious postinstall scripts. Because these scripts run automatically without manual user approval under the auto-approve setting, an attacker can craft a malicious repository containing a harmful postinstall script. When a user opens this repository and Roo-Code executes 'npm install' automatically, the malicious script runs with the user's privileges, leading to arbitrary code execution on the host system. This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating that the product fails to properly sanitize or restrict command inputs, allowing injection of harmful commands. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required, but requiring user interaction (opening a malicious repo). No known exploits in the wild have been reported yet. The advisory does not describe the fix in detail; version 3.26.0 presumably removes 'npm install' from the auto-approved command list or adds stricter validation and user approval requirements. This vulnerability highlights the risks of automated command execution in developer tools, especially when combined with package managers that run lifecycle scripts, which can be abused for code execution if not properly controlled.
Potential Impact
For European organizations, this vulnerability poses a significant risk, particularly for software development teams using Roo-Code in their development environments. Successful exploitation could lead to arbitrary code execution on developer machines, potentially allowing attackers to steal sensitive source code, credentials, or intellectual property. It could also serve as a foothold for lateral movement within corporate networks if the compromised developer environment has network access to internal resources. The impact extends to supply chain security, as malicious repositories could be used as attack vectors. Given the widespread use of Node.js and npm in European software development, and the increasing adoption of AI-powered coding assistants, the risk is amplified. Organizations involved in critical infrastructure, finance, telecommunications, and technology sectors are especially vulnerable due to the sensitivity of their codebases and the potential for disruption. Additionally, the vulnerability could be exploited to implant persistent malware or backdoors, undermining trust in development pipelines and potentially violating GDPR requirements related to data protection and breach notification.
Mitigation Recommendations
European organizations should take immediate steps to mitigate this vulnerability. First, upgrade Roo-Code to version 3.26.0 or later, where the issue is fixed. If upgrading is not immediately possible, disable the auto-approve feature for commands, especially those involving 'npm install' or other package manager commands that execute lifecycle scripts. Implement strict policies to restrict the use of untrusted or unknown repositories, including scanning package.json files for suspicious lifecycle scripts before opening repositories. Employ endpoint protection solutions capable of detecting anomalous script execution triggered by npm lifecycle events. Educate developers about the risks of opening untrusted repositories and encourage manual review of package scripts. Integrate code signing or repository whitelisting mechanisms to ensure only trusted code is executed. Monitor developer workstations for unusual process activity related to npm or shell commands. Finally, incorporate this vulnerability into supply chain risk assessments and incident response plans to quickly identify and respond to potential exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-29T16:19:59.012Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68bb9c18535f4a97731dab54
Added to database: 9/6/2025, 2:27:36 AM
Last enriched: 9/13/2025, 3:42:48 AM
Last updated: 10/21/2025, 10:18:50 PM