CVE-2025-15061
Framelink · Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Multiple Products
A critical remote code execution vulnerability has been identified in Framelink Figma MCP Server, designated CVE-2025-15061.
Executive summary
A critical remote code execution vulnerability has been identified in Framelink Figma MCP Server, designated CVE-2025-15061. The flaw allows an unauthenticated remote attacker to execute arbitrary commands and take full control of the affected server. Because it is rated critical (CVSS 9.8) and requires no credentials, it poses a significant and immediate risk of complete system compromise.
Vulnerability
This is a command injection vulnerability in the fetchWithRetry method of the Framelink Figma MCP Server, the retrying wrapper the server uses for outbound HTTP requests. A string taken from the incoming request is incorporated into a system command without being sanitized or validated. A remote, unauthenticated attacker can therefore send a specially crafted request whose parameters carry shell metacharacters and additional commands; the server runs them with the privileges of the service account, yielding remote code execution (RCE).
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected server, allowing an attacker to steal, modify, or delete sensitive data, disrupt critical business operations, or deploy ransomware. Since the server can be compromised without authentication, it presents an easily accessible entry point for attackers to pivot into the wider corporate network, escalating the potential for a more significant data breach or system-wide incident.
Remediation
Immediate Action: The primary and most effective remediation is to apply the security update provided by the vendor immediately. Upgrade Framelink Figma MCP Server to the latest patched version.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. Review application and web server logs for unusual requests, especially request parameters containing shell metacharacters (e.g., ;, |, &&, $(), `) in either raw or URL-encoded form (%3B, %7C, %24%28). Monitor for unexpected child processes spawned by the service account (a shell or curl launched by the Node.js process is the tell-tale for this bug class), anomalous outbound network traffic from the server, and any unauthorized changes to system files.
Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:
- Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block common command injection attack patterns; this only helps where the server is reached over HTTP rather than a local stdio transport.
- Implement strict egress filtering to prevent the server from establishing outbound connections to unknown or malicious destinations, which could disrupt an attacker's command-and-control channel.
- Restrict network access to the affected server to only trusted hosts and services.
- Ensure the service account runs with the principle of least privilege to limit the potential damage of a successful exploit.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical CVSS score of 9.8 and the lack of an authentication requirement, this vulnerability represents a severe and urgent threat. We strongly recommend that organizations identify all affected Framelink Figma MCP Server instances and apply the vendor-supplied patch on an emergency basis. Include in that inventory the instances launched by developer tooling, since MCP servers are commonly started by an IDE or AI client on workstations rather than deployed in a data center. Although this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime candidate for future inclusion and a high-value target for attackers. Prioritize patching this vulnerability above other routine security updates.