Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely - Patch Now
Briefly

"Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can send arbitrary system commands."
"The exploitation sequence takes place over the following steps:
- The MCP client sends an Initialize request to the MCP endpoint to receive an mcp-session-id that's used in subsequent communication with the MCP server
- The client sends a JSONRPC request to the MCP server with the method tools/call to call tools like get_figma_data or download_figma_images
The issue, at its core, resides in "src/utils/fetch-with-retry.ts," which fi"
A command injection vulnerability in the figma-developer-mcp Model Context Protocol (MCP) server (CVE-2025-53967, CVSS 7.5) allows attackers to execute arbitrary system commands by exploiting unsanitized user input in shell command construction. The server constructs and executes shell commands using unvalidated input, enabling shell metacharacter injection and remote code execution under the server process's privileges. The Framelink Figma MCP server exposes tools used by AI-powered coding agents, which an attacker could manipulate via indirect prompt injection to trigger unintended actions. Imperva discovered and reported the flaw in July 2025, describing it as a design oversight in a fallback mechanism that risks full remote code execution and data exposure. The issue occurs during command-line construction for traffic sent to the Figma API and is rooted in src/utils/fetch-with-retry.ts, with exploitation involving Initialize and tools/call JSONRPC requests that use an mcp-session-id.
Read at The Hacker News