CVE-2025-11445

MEDIUM

Kilo Code <4.86.0 - Code Injection

Title source: llm

Description

A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue.

References (6)

[Patch] https://github.com/Kilo-Org/kilocode/pull/2244/commits/2fdddf89edba41ec3a527134e485a3388c464333

[Issue Tracking] https://github.com/Kilo-Org/kilocode/pull/2244

[Permissions Required, VDB Entry] https://vuldb.com/?id.327382

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.327382

[Permissions Required, VDB Entry] https://vuldb.com/?submit.667004

[Various Sources] https://mcpsec.dev/advisories/2025-10-02-kilo-code-ai-agent-supply-chain-attack/

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-707 CWE-74

Status published

Products (50)

n/a/Kilo Code 4.0

n/a/Kilo Code 4.1

n/a/Kilo Code 4.10

n/a/Kilo Code 4.11

n/a/Kilo Code 4.12

n/a/Kilo Code 4.13

n/a/Kilo Code 4.14

n/a/Kilo Code 4.15

n/a/Kilo Code 4.16

n/a/Kilo Code 4.17

... and 40 more

Published Oct 08, 2025

Tracked Since Feb 18, 2026