<ciso brief/>
Tag Banner

All news with #figma tag

all tags →

Wed, October 8, 2025

Severe Figma MCP Command Injection Enables RCE Remotely

#Security Advisory #Patch #Figma #Imperva #Command Injection #Disclosure

🔒 Cybersecurity researchers disclosed a now-patched command injection vulnerability in the figma-developer-mcp Model Context Protocol server that could allow remote code execution. Tracked as CVE-2025-53967 (CVSS 7.5), the flaw stems from unsanitized user input interpolated into shell commands when a fetch fallback uses child_process.exec to run curl. Imperva reported the issue and maintainers released a fix in figma-developer-mcp v0.6.3; users should update immediately.

read more →