VYPR
Unrated severityNVD Advisory· Published Sep 6, 2025· Updated Sep 8, 2025

Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts

CVE-2025-58374

Description

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle scripts, if a repository’s package.json file contains a malicious postinstall script, it would be executed automatically without user approval. This means that enabling auto-approved commands and opening a malicious repo could result in arbitrary code execution. This is fixed in version 3.26.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • RooCodeInc/Roo Codellm-fuzzy2 versions
    <=3.25.23+ 1 more
    • (no CPE)range: <=3.25.23
    • (no CPE)range: < 3.26.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.