Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
08 October 2025
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.
The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can