CVE-2025-11445 MEDIUM

CVE-2025-11445: Kilo Code Prompt ClineProvider.ts ClineProvider injection

Vendor N/A
Product Kilo Code
Weakness CWE-74
Published October 8, 2025
Last update October 8, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue.

Key dates

02Disclosure timeline

October 8, 2025 CVE published
October 8, 2025 Record updated