CVE-2025-15060

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-15060 is a command injection vulnerability in the Framelink Figma MCP Server. The flaw lies in the implementation of the `fetchWithRetry` method, which does not properly validate user-supplied strings before using them in a system call. As a result, remote attackers can execute arbitrary code on affected installations of the Framelink Figma MCP Server without authentication, with the code running in the context of the service account.


Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 6

References

Sources include official advisories and independent security research.