Figma-developer-mcp MCP server command injection (CVE-2025-53967)
Vulnerability
Summary
figma-developer-mcp has a now-patched command injection flaw, CVE-2025-53967, that can let attackers execute arbitrary commands and reach remote code execution. The weakness comes from unsanitized user input and a `curl` fallback that interpolates data into a shell command, expanding the attack surface for exposed MCP servers. The fix landed in version 0.6.3, making upgrade the key mitigation for affected deployments.
Related Happenings
MCP STDIO arbitrary command execution security flaw
Vulnerability
First: 16.04.2026 12:40
Last: 16.04.2026 12:40
Sources 1
About this happening:
A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
Claude Desktop official extensions unsanitized AppleScript command injection three RCEs command injection flaw
Vulnerability
First: 29.12.2025 17:00
Last: 29.12.2025 17:00
Sources 1
About this happening:
Three **RCE vulnerabilities** were disclosed in **Claude Desktop**'s official **Chrome**, **iMessage**, and **Apple Notes** connectors, exposing users to **arbitrary code executio...
Windows PowerShell 5.1 Invoke-WebRequest script-execution mitigation (CVE-2025-54100)
Advisory/Mitigation
First: 09.12.2025 22:45
Last: 09.12.2025 22:45
Sources 1
About this happening:
**Microsoft** added a security confirmation prompt to **Windows PowerShell 5.1** so **Invoke-WebRequest** does not silently parse web pages in a way that could run embedded script...
Figma MCP version 0.6.3 remediation guidance
Advisory/Mitigation
First: 08.10.2025 20:14
Last: 08.10.2025 20:14
Sources 1
How related:
To remediate the issue and protect their organizations, users should upgrade immediately to Figma MCP version 0.6.3 or higher; audit systems using vulnerable versions; and review logs for suspicious command execution patterns.
About this happening:
Users of **Figma MCP** were told to **upgrade to version 0.6.3 or higher** to reduce exposure to a **command-injection** flaw that could enable **remote code execution**. The reme...
Timeline
- 08.10.2025 13:58 · 1 article
figma-developer-mcp version 0.6.3 patches CVE-2025-53967
Mitigation Patch Update: figma-developer-mcp version 0.6.3, released on September 29, 2025, addresses CVE-2025-53967 by removing the vulnerable shell-execution path tied to a `curl` fallback and the use of `child_process.exec`; the recommended mitigation is to avoid shell-based execution with untrusted input and use `child_process.execFile` instead.
Sources:
- Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now — thehackernews.com — 08.10.2025 13:58
- 08.10.2025 13:58 · 3 articles
Researchers disclose CVE-2025-53967 in figma-developer-mcp
Initial Disclosure: Cybersecurity researchers disclosed CVE-2025-53967 in figma-developer-mcp, a command injection flaw caused by unsanitized user input that could let an attacker send arbitrary system commands and reach remote code execution under the server process's privileges. Imperva said it discovered and reported the problem in July 2025.
Sources:
- Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now — thehackernews.com — 08.10.2025 13:58
- Figma MCP Server Opens Orgs to Agentic AI Compromise — www.darkreading.com — 08.10.2025 20:14