A critical code injection vulnerability, CVE-2025-53967, has been found in the figma-developer-mcp server, allowing remote code execution. This flaw can be exploited via malicious requests, risking extensive access to sensitive developer data and corporate assets. #FigmaMCP #CVE2025-53967
Key points
- The vulnerability exists in the fallback API request handling of the figma-developer-mcp server.
- Unsanitized user input reaches a shell command, so attackers can inject malicious shell commands.
- The flaw enables remote execution of arbitrary code with server privileges.
- Delivery vectors include AI prompt injection, DNS rebinding, or attacks from the local network.
- Users must update to version 0.6.3 to mitigate this high-severity security risk.
Read More: https://dailydarkweb.net/critical-figma-mcp-server-flaw-allows-remote-code-execution/