Wednesday, October 8, 2025

Critical Figma MCP Vulnerability Allows Remote Code Execution — Urgent Patch Available

Cybersecurity researchers have identified a critical vulnerability, CVE-2025-53967 (CVSS score: 7.5), in the figma-developer-mcp Model Context Protocol (MCP) server, allowing attackers to execute arbitrary code through command injection. This flaw arose from unsanitized user input used directly in shell command construction, leading to potential shell metacharacter injection. Discovered by Imperva in July 2025, the vulnerability could expose developers to data breaches as it enables remote code execution (RCE) with server process privileges.

Exploitation occurs when the MCP client sends requests to the MCP server, triggering unvalidated commands within the source code. The issue has been addressed in version 0.6.3, released on September 29, 2025; developers are also urged to avoid using child_process.exec with untrusted input. This incident underscores the necessity for enhanced security measures in AI-driven development tools, particularly as new vulnerabilities emerge in other platforms, such as Google’s Gemini AI chatbot.
