CVE-2025-53967
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-08

Last updated on: 2025-10-08

Assigner: MITRE

Description
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-08
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-10-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-53967
EUVD
EUVD-2025-31753
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
glips figma-context-mcp *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-420 The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Framelink Figma MCP Server versions before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands. This is done by sending a specially crafted HTTP POST request containing shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint does not properly sanitize user input, enabling command injection that runs with the privileges of the MCP process. Exploitation requires network access to the MCP interface.

Impact Analysis

The vulnerability can allow an attacker to execute arbitrary OS commands remotely without authentication, potentially leading to full compromise of the MCP server process. This can result in unauthorized access, data manipulation, or disruption of services depending on the privileges of the MCP process. Since the attacker can run commands with MCP process privileges, the impact on confidentiality and integrity is high.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53967. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart