CVE-2025-53967_CVE-2025-53967

8 / 10

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface.

Basic Information

ID CVE-2025-53967

Source mitre

Published Oct 8, 2025 at 00:00

Modified Oct 8, 2025 at 17:18

Affected Product

Vendor Framelink

Product Figma MCP Server

Affected Versions Framelink Figma MCP Server 0

CWE Classification

CWE-420

References

{
    "lastseen": "",
    "description": "Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface.",
    "published": "2025-10-08T00:00:00.000Z",
    "modified": "2025-10-08T17:18:20.747Z",
    "type": "cve",
    "title": "CVE-2025-53967",
    "source": "mitre",
    "references": "https://github.com/GLips/Figma-Context-MCP/blob/96b3852669c5eed65e4a6e20406c25504d9196f2/src/utils/fetch-with-retry.ts#L34\nhttps://www.imperva.com/blog/another-critical-rce-discovered-in-a-popular-mcp-server/\nhttps://github.com/GLips/Figma-Context-MCP/releases/tag/v0.6.3",
    "id": "CVE-2025-53967",
    "bulletinFamily": "",
    "cwe": [
        "CWE-420"
    ],
    "cvelist": null,
    "sourceData": "Framelink Figma MCP Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Figma MCP Server",
    "version": "0",
    "vendor": "Framelink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}