Worrying Figma MCP security flaw could let hackers execute code remotely – here’s how to stay safe

  • CVE-2025-53967 allows remote code execution via a command injection flaw in figma-developer-mcp
  • The vulnerability stems from unvalidated input passed to shell commands using child_process.exec
  • Users should upgrade to version 0.6.3 or switch to the safer child_process.execFile API

A vulnerability has been found in the bridge between Figma and AI agents which could be used to remotely execute malicious code on compromised endpoints, experts have warned.

A new security advisory published on GitHub says the ‘figma-developer-mcp’ npm package is vulnerable to a command injection flaw.
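The difference between the two APIs named above, shown as an added example (not code from the affected package or the advisory). It uses the synchronous variants execSync and execFileSync, which handle the shell the same way as exec and execFile, with a constructed input and a harmless echo marker; the function names are hypothetical and a POSIX system with /bin/sh and echo is assumed.

```javascript
// Added example: illustrates the bug class only, not the package's own code.
const { execSync, execFileSync } = require('child_process');

// Constructed untrusted input: a URL-like value with a shell metacharacter
// and a harmless marker command appended.
const UNTRUSTED = 'https://example.invalid/file; echo INJECTED';

// Vulnerable pattern: the value is interpolated into a string that /bin/sh
// parses, so ';' ends the intended command and starts a second one.
function runWithShell(value) {
  return execSync(`echo fetching ${value}`, { encoding: 'utf8' });
}

// Hardened pattern: no shell is involved. The value is passed as one argv
// element, so ';' is just a character inside that argument.
// Caveat: passing { shell: true } to execFile brings the shell parsing back.
function runWithoutShell(value) {
  return execFileSync('echo', ['fetching', value], { encoding: 'utf8' });
}

// True when the marker appears as its own output line, meaning the appended
// text was executed as a separate command rather than echoed as data.
function injectedCommandRan(output) {
  return output.split('\n').some((line) => line.trim() === 'INJECTED');
}

// Run both patterns on the same input and report what happened.
function compare(value) {
  return {
    shell: injectedCommandRan(runWithShell(value)),
    noShell: injectedCommandRan(runWithoutShell(value)),
  };
}

console.log(compare(UNTRUSTED)); // { shell: true, noShell: false }
```

A quick audit step that follows from this: search the code base for `exec(` and `execSync(` calls whose argument is a template string or concatenation containing request-derived values.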



Source: Techradar
