CVE-2025-15061
Published 2026-01-23
Priority: P276 · Severity: critical · CVSS 3.0 base score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.13% (79.6th percentile)
Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the fetchWithRetry method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27877.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| framelink | figma_mcp_server | — | — |
GHSA
GHSA-8675-cg27-5c39: Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability
GHSA status: unreviewed · 2026-01-23 · CVE-2025-15061 · CRITICAL · CWE-78 (OS Command Injection)
OSV
figma-developer-mcp vulnerable to command injection in get_figma_data tool
osv · 2025-09-30 · CVE-2025-15061 · HIGH
### Summary
A command injection vulnerability exists in the `figma-developer-mcp` MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to `child_process.exec`, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges.
The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (`|`, `>`, `&&`, etc.).
### Details
The MCP server exposes tools that perform several Figma operations. An MCP client can be instructed to execute additional actions, for example via
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.