Cybersecurity researchers identified a high-severity flaw in the figma-developer-mcp Model Context Protocol (MCP) server, tracked as CVE-2025-53967. The vulnerability is a command injection caused by improper sanitization of user-supplied input: values reaching the server are incorporated into an operating-system command without being neutralized, so a crafted input can execute arbitrary commands on the host running the MCP server, a remote code execution outcome. The flaw received a CVSS score of 7.5, which falls in the High band of CVSS v3.x and indicates significant risk to affected systems.
The vulnerability was patched after disclosure to prevent exploitation by threat actors. An attacker who triggers the injection gains command execution with the privileges of whatever account runs the MCP server, which for a developer tool is typically the developer's own account on their workstation or the agent host, and from there can read credentials, modify code or pivot further. Organizations using this MCP implementation should upgrade to the patched release, confirm the installed version actually contains the fix, and review which clients and networks are able to send requests to the server in the meantime.
The discovery highlights the importance of rigorous input validation in software that bridges protocols, and of never building shell command strings from untrusted data in the first place. It also underscores the ongoing challenge of securing developer tools and the services they talk to, which have become an integral part of modern software development workflows and now sit in the request path of AI agents.
👉 Read the original: The Hacker News