PT-2025-40054 · Unknown · Figma-Developer-Mcp

Yohann Sillam · Published 2025-09-30 · Updated 2025-10-09 · CVE-2025-53967

CVSS v3.1: 8.0
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Framelink Figma MCP Server versions prior to 0.6.3

Description: A command injection flaw exists in the Figma MCP Server, allowing unauthenticated remote attackers to execute arbitrary operating system commands. This is due to the unsanitized use of user-supplied input within a `fetchWithRetry` function that utilizes a `curl` command. The vulnerability can be exploited through crafted HTTP POST requests, potentially leveraging AI prompt injection and DNS rebinding techniques. The server constructs and executes shell commands using unvalidated user input, enabling the injection of shell metacharacters. Successful exploitation can lead to remote code execution with the privileges of the MCP process. The vulnerability is present in the `get figma data` tool and can be triggered through the MCP Client IDE or the MCP Inspector.

Recommendations: Update to version 0.6.3 or later to resolve this vulnerability.

Fix

RCE

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-53967
GHSA-GXW4-4FC5-9GR5

Affected Products

Figma-Developer-Mcp