CVE-2025-53967
published 2025-10-08


Priority: P2 (63, high)
CVSS 3.1: 8 (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)
EPSS: 7.42% (93.7th percentile)
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface.

Affected (2 ranges)

Vendor       Product             Version range          Fixed in
framelink    figma_mcp_server    < 0.6.3                0.6.3
serverless   serverless          >= 4.29.0, < 4.29.3    4.29.3