Critical Vulnerability Information

Vulnerability Title
Potential Remote Code Execution via Model Context Protocol in the Roo Code extension

Severity
High
CVSS v3 base metrics: 8.1/10

Affected Versions
Affected versions: < 3.20.3
Patched versions: 3.20.3

Vulnerability Description
Summary:
- The project-specific MCP configuration for the Roo Code agent is stored in the file within the VS Code workspace. The MCP configuration format allows for execution of arbitrary commands, potentially leading to remote code execution if an attacker can craft a malicious command.
Impact:
- Moderate severity, requiring that the attacker can submit prompts to the agent (e.g., through a prompt injection attack), that MCP is enabled, and that auto-approved file writes are enabled.

Remediation
Remediation:
- Added an additional layer of opt-in configuration for auto-approving writing to Roo's configuration files, including all files within the folder.

Additional Information
CVE ID: CVE-2025-53098
Weaknesses: No CWEs
Credits: MaccariTA (Reporter)
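
The remediation above separates "auto-approve file writes" from "auto-approve writes to the agent's own configuration". The sketch below is an added example of that decision, not Roo Code's implementation. The folder name `agent-config`, the setting names `autoApproveWrites` and `autoApproveProtectedWrites`, and the sample paths are assumptions made for illustration.

```javascript
// Added sketch; not Roo Code's implementation.
// Assumption: "agent-config" is a placeholder for the agent's configuration folder.
const PROTECTED_DIRS = ["agent-config"];

// Lexically normalize a workspace-relative path into segments.
// Returns null for absolute paths and for paths that climb out of the workspace.
function normalizeSegments(relPath) {
  const p = relPath.replace(/\\/g, "/");
  if (p.startsWith("/") || /^[A-Za-z]:/.test(p)) return null;
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null;
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return out;
}

// Decide whether an agent-initiated write proceeds without a user prompt.
// settings.autoApproveWrites and settings.autoApproveProtectedWrites are
// hypothetical names for the general switch and the separate opt-in.
function decideWrite(relPath, settings) {
  const segs = normalizeSegments(relPath);
  // Fail closed: anything outside the workspace always needs a human.
  if (segs === null || segs.length === 0) return "ask";
  if (!settings.autoApproveWrites) return "ask";
  // Compare case-insensitively: Windows and default macOS volumes fold case.
  const inProtected = PROTECTED_DIRS.includes(segs[0].toLowerCase());
  if (inProtected && !settings.autoApproveProtectedWrites) return "ask";
  return "auto-approve";
}

// Constructed sample write requests, evaluated with only the general switch on.
const samples = ["src/app.ts", "agent-config/settings.json",
                 "src/../Agent-Config/settings.json", "../outside.txt"];
for (const s of samples) {
  console.log(s, "->", decideWrite(s, { autoApproveWrites: true }));
}
```

The check is lexical only; a symlink inside the workspace that points into the protected folder would need the real path resolved before this decision is made.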