{"id":"CVE-2025-58374","summary":"Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts","details":"Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle scripts, if a repository’s package.json file contains a malicious postinstall script, it would be executed automatically without user approval. This means that enabling auto-approved commands and opening a malicious repo could result in arbitrary code execution. This is fixed in version 3.26.0.","aliases":["GHSA-c292-qxq4-4p2v"],"modified":"2026-04-10T05:31:25.911189Z","published":"2025-09-06T02:19:40.112Z","database_specific":{"cwe_ids":["CWE-78"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58374.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/RooCodeInc/Roo-Code/pull/7390/files"},{"type":"WEB","url":"https://github.com/RooCodeInc/Roo-Code/releases/tag/v3.26.0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58374.json"},{"type":"ADVISORY","url":"https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-c292-qxq4-4p2v"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58374"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/roocodeinc/roo-code","events":[{"introduced":"0"},{"fixed":"840fe2a4c8b6331f2fcb43e4ddaba8950a0b4bf0"}]}],"versions":["v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v1.0.0","v1.0.4","v1.0.41","v1.0.51","v1.0.6","v1.0.61","v1.0.62","v1.0.63","v1.0.64","v1.0.65","v1.0.7","v1.0.71","v1.0.72","v1.0.73","v1.0.8","v1.0.81","v1.0.82","v1.0.83","v1.0.84","v1.0.85","v1.0.86","v1.0.87","v1.0.9","v1.0.91","v1.0.92","v1.0.93","v1.0.94","v1.0.95","v1.0.96","v1.0.97","v1.0.98","v1.0.99","v1.1.0","v1.1.1","v1.1.11","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.41","v1.3.42","v1.3.43","v1.4.0","v1.4.1","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.16","v1.4.17","v1.4.18","v1.4.19","v1.4.2","v1.4.21","v1.4.22","v1.4.23","v1.4.24","v1.5.0","v1.5.01","v1.5.1","v1.5.10","v1.5.11","v1.5.12","v1.5.13","v1.5.14","v1.5.15","v1.5.16","v1.5.17","v1.5.18","v1.5.19","v1.5.2","v1.5.20","v1.5.21","v1.5.22","v1.5.23","v1.5.24","v1.5.25","v1.5.26","v1.5.27","v1.5.28","v1.5.29","v1.5.3","v1.5.30","v1.5.31","v1.5.32","v1.5.33","v1.5.34","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.6.1","v1.6.10","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.8.0","v1.8.1","v1.9.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v2.0.0","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.1","v2.1.10","v2.1.11","v2.1.12","v2.1.13","v2.1.14","v2.1.15","v2.1.16","v2.1.17","v2.1.18","v2.1.19","v2.1.2","v2.1.21","v2.1.3","v2.1.4","v2.1.5","v2.1.6","v2.1.7","v2.1.8","v2.1.9","v3.18.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58374.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}