AI description
CVE-2025-53967 is a command injection vulnerability in the figma-developer-mcp Model Context Protocol (MCP) server. The flaw is in the `get_figma_data` tool: its `fetchWithRetry` helper first calls the standard fetch API and, when that request fails, falls back to running curl through `child_process.exec`. The curl command line is assembled by interpolating the request URL and header values directly into a shell command string, so `exec` hands attacker-influenced text to the platform shell unescaped. A client that can reach the MCP interface can place shell metacharacters (for example a closing quote followed by `;`) in the URL or in a header value and have the shell run an arbitrary command with the privileges of the MCP process, which amounts to remote code execution (RCE) on the host machine. Only the curl fallback is affected, so the vulnerable path is exercised when the initial fetch fails. The issue is fixed in figma-developer-mcp version 0.6.3; users should upgrade and, as a general rule, pass subprocess arguments as an array to `execFile`/`spawn` instead of building shell strings.
- Description
- Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.0
- Impact score
- 5.8
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
- Severity
- HIGH
- CWE (per cve@mitre.org)
- CWE-420
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
⚠️ CVE-2025-53967: RCE in Figma’s MCP plugin. When AI integrations forget to sanitize inputs, attackers find the door. #CybersecurityAwarenessMonth reminder: smart tools still need locks. 🔐 Full story via @darkreading: https://t.co/xjcpGEdAhm @CISAgov #appsec #new
@AppSec_Village
10 Oct 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Figma developer component figma-developer-mcp has been disclosed to have a command injection vulnerability, CVE-2025-53967. The flaw is in the fallback download flow, which runs an unsanitized URL/header through curl in a shell; an attacker can inject shell commands and gain code execution on the system. If you have this package installed, upgrade immediately or temporarily
@lfcba8178
9 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in Figma MCP allows remote code execution; patch urgently (CVE-2025-53967) https://t.co/L8hWEKbxF6 #Security #セキュリティー #ニュース
@SecureShield_
9 Oct 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-53967: figma-developer-mcp vulnerable to command injection in get_figma_data tool Advisory: https://t.co/wwuYGhvUQy CVSS: 7.5 Write-up: https://t.co/umSoEKozUp Write-up 2: https://t.co/m5NkpNsCkq Video Credit: Imperva https://t.co/i6PEUjMHSo
@DarkWebInformer
8 Oct 2025
5067 Impressions
6 Retweets
25 Likes
5 Bookmarks
1 Reply
0 Quotes
CVE-2025-53967 Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with … https://t.co/O79b3lh1V5
@CVEnew
8 Oct 2025
249 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity researchers have disclosed details of a patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to execute code
@Teeegra
8 Oct 2025
565 Impressions
0 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Figma MCP server flaw (CVE-2025-53967) allows unauthenticated attackers to achieve remote code execution on developer machines. https://t.co/U4nPdnVKCV https://t.co/QW1jLcMjdB
@DailyDarkWeb
8 Oct 2025
5249 Impressions
5 Retweets
22 Likes
12 Bookmarks
0 Replies
1 Quote
📌 Cybersecurity research has uncovered a serious vulnerability in Figma's Model Context Protocol (MCP) that allows attackers to execute code remotely. The vulnerability,
@Cybercachear
8 Oct 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes