CVE-2025-11445

Summary

A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue.

Affected Software

VendorProductVersion RangeStatus
n/aKilo Code4.0affected
n/aKilo Code4.1affected
n/aKilo Code4.2affected
n/aKilo Code4.3affected
n/aKilo Code4.4affected
n/aKilo Code4.5affected
n/aKilo Code4.6affected
n/aKilo Code4.7affected
n/aKilo Code4.8affected
n/aKilo Code4.9affected
n/aKilo Code4.10affected
n/aKilo Code4.11affected
n/aKilo Code4.12affected
n/aKilo Code4.13affected
n/aKilo Code4.14affected
n/aKilo Code4.15affected
n/aKilo Code4.16affected
n/aKilo Code4.17affected
n/aKilo Code4.18affected
n/aKilo Code4.19affected
n/aKilo Code4.20affected
n/aKilo Code4.21affected
n/aKilo Code4.22affected
n/aKilo Code4.23affected
n/aKilo Code4.24affected
n/aKilo Code4.25affected
n/aKilo Code4.26affected
n/aKilo Code4.27affected
n/aKilo Code4.28affected
n/aKilo Code4.29affected
n/aKilo Code4.30affected
n/aKilo Code4.31affected
n/aKilo Code4.32affected
n/aKilo Code4.33affected
n/aKilo Code4.34affected
n/aKilo Code4.35affected
n/aKilo Code4.36affected
n/aKilo Code4.37affected
n/aKilo Code4.38affected
n/aKilo Code4.39affected
n/aKilo Code4.40affected
n/aKilo Code4.41affected
n/aKilo Code4.42affected
n/aKilo Code4.43affected
n/aKilo Code4.44affected
n/aKilo Code4.45affected
n/aKilo Code4.46affected
n/aKilo Code4.47affected
n/aKilo Code4.48affected
n/aKilo Code4.49affected
n/aKilo Code4.50affected
n/aKilo Code4.51affected
n/aKilo Code4.52affected
n/aKilo Code4.53affected
n/aKilo Code4.54affected
n/aKilo Code4.55affected
n/aKilo Code4.56affected
n/aKilo Code4.57affected
n/aKilo Code4.58affected
n/aKilo Code4.59affected
n/aKilo Code4.60affected
n/aKilo Code4.61affected
n/aKilo Code4.62affected
n/aKilo Code4.63affected
n/aKilo Code4.64affected
n/aKilo Code4.65affected
n/aKilo Code4.66affected
n/aKilo Code4.67affected
n/aKilo Code4.68affected
n/aKilo Code4.69affected
n/aKilo Code4.70affected
n/aKilo Code4.71affected
n/aKilo Code4.72affected
n/aKilo Code4.73affected
n/aKilo Code4.74affected
n/aKilo Code4.75affected
n/aKilo Code4.76affected
n/aKilo Code4.77affected
n/aKilo Code4.78affected
n/aKilo Code4.79affected
n/aKilo Code4.80affected
n/aKilo Code4.81affected
n/aKilo Code4.82affected
n/aKilo Code4.83affected
n/aKilo Code4.84affected
n/aKilo Code4.85affected
n/aKilo Code4.86.0affected

Weaknesses

  • CWE-74: Injection
  • CWE-707: Improper Neutralization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References