The rapid advancement of Artificial Intelligence (AI) tools is outpacing secure coding practices, making those tools attractive targets for attackers. Imperva Threat Research uncovered a critical Remote Code Execution (RCE) vulnerability (CVE-2025-53967) in the widely used Framelink Figma MCP Server. This open-source project, with over 10,000 stars on GitHub, allows seamless integration of AI coding agents with design data. The vulnerability stems from a design flaw in the server’s fallback mechanism, which enables attackers to execute arbitrary shell commands and compromise developer machines. To mitigate the risk, organizations should adopt stringent dependency management, conduct regular security reviews, and monitor security advisories. Users are urged to update to version 0.6.3 to patch this vulnerability or to transition to the official Figma MCP server. As AI development continues to grow, prioritizing security in AI tools is essential to prevent exploitation and protect sensitive assets. For more information, visit Imperva’s blog.