The following table lists the changes that have been made to the
CVE-2025-54377 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.
Jul. 23, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | Roo Code is an AI-powered autonomous coding agent that lives in users’ editors. In versions 3.23.18 and below, RooCode does not validate line breaks (n) in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent multi-line command injection. When commands are evaluated for execution, only the first line or token may be considered, enabling attackers to smuggle additional commands in subsequent lines. This is fixed in version 3.23.19. | |
| Added | CVSS V3.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| Added | CWE | CWE-77 | |
| Added | Reference | https://github.com/RooCodeInc/Roo-Code/commit/9d434c2db9b20eb5c78b698cb2b0037cd2074534 | |
| Added | Reference | https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-p278-52×9-cffx |
Jul. 23, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-p278-52×9-cffx |
CVE ID : CVE-2025-10304 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The Everest Backup –
CVE ID : CVE-2025-12585 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The MxChat – AI
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
