CVE-2025-53967
BaseFortify
Publication date: 2025-10-08
Last updated on: 2025-10-08
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| glips | figma-context-mcp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-420 | The product protects a primary channel, but it does not use the same level of protection for an alternate channel. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Framelink Figma MCP Server versions before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands. This is done by sending a specially crafted HTTP POST request containing shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint does not properly sanitize user input, enabling command injection that runs with the privileges of the MCP process. Exploitation requires network access to the MCP interface.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary OS commands remotely without authentication, potentially leading to full compromise of the MCP server process. This can result in unauthorized access, data manipulation, or disruption of services depending on the privileges of the MCP process. Since the attacker can run commands with MCP process privileges, the impact on confidentiality and integrity is high.