CVE-2025-11445 | Kilo Code up to 4.86.0 Prompt ClineProvider.ts ClineProvider injection
A vulnerability was found in Kilo Code up to 4.86.0. It has been classified as critical. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection.
This vulnerability is identified as CVE-2025-11445. The attack can be initiated remotely. Additionally, an exploit exists.
Applying a patch is the recommended action to fix this issue.