CNNVD-202510-1137 Information
CNNVD ID
CNNVD-202510-1137
Related CVE
- CNNVD Published: 2025-10-08
Description (Chinese)
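Framelink Figma MCP Server is an MCP server by Graham Lipsman, an individual developer. Versions of Framelink Figma MCP Server before 0.6.3 contain a security vulnerability that stems from user input not being properly sanitized, which may lead to the execution of arbitrary operating system commands.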
Description (English)
Framelink Figma MCP Server is an MCP server developed by Graham Lipsman, an individual developer. Versions of Framelink Figma MCP Server before 0.6.3 contain a security vulnerability caused by improper sanitization of user input, which could lead to the execution of arbitrary operating system commands.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-10-08
Last Modified
2026-02-24
References
https://github.com/GLips/Figma-Context-MCP/blob/96b3852669c5eed65e4a6e20406c25504d9196f2/src/utils/fetch-with-retry.ts#L34
https://github.com/GLips/Figma-Context-MCP/releases/tag/v0.6.3
https://www.imperva.com/blog/another-critical-rce-discovered-in-a-popular-mcp-server/
https://access.redhat.com/security/cve/cve-2025-53967
Patch
https://github.com/GLips/Figma-Context-MCP/releases