VYPR

Roo Code

by Roo Code

CVEs (3)

  • CVE-2025-53536 | High | Jul 7, 2025
    risk 0.00, cvss 8.1, epss 0.01

    Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that.…

  • CVE-2025-53098 | High | Jun 27, 2025
    risk 0.00, cvss 8.1, epss 0.01

    Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version…

  • CVE-2025-53097 | Medium | Jun 27, 2025
    risk 0.00, cvss 5.9, epss 0.00

    Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a…