Framelink Figma MCP Server vulnerabilities
2 known vulnerabilities affecting framelink/figma_mcp_server.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-15061 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | v72cae181ecf15b85787b9fe3bb14000d80a6b2df | 2026-01-23
Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the fetchW
nvd
CVE-2025-53967 | P2 | HIGH | CVSS 8.0 | CWE-420 | fixed in 0.6.3 | 2025-10-08
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malici
nvd