Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

A severe vulnerability (CVE-2025-53967) in the Figma MCP server, discovered by Imperva, allows attackers to achieve remote code execution through command injection. The flaw, patched in version 0.6.3, stems from unsanitized user input in shell commands, enabling attackers to execute arbitrary system commands. This vulnerability highlights the importance of security considerations in AI-driven development tools.