What is CVE-2025-15061?

CVE-2025-15061 is a critical-severity vulnerability in Framelink Figma Mcp Server, classified under OS Command Injection. CVSS score: 9.8/10. Published 2026-01-23.

How severe is CVE-2025-15061?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Framelink Figma Mcp Server

CVE-2025-15061

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication i…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.004 (61.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Framelink Figma Mcp Server — versions 72cae181ecf15b85787b9fe3bb14000d80a6b2df

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

ZDI-25-1197 (x_research-advisory)
vendor-provided URL (vendor-advisory)

Frequently asked questions

What is CVE-2025-15061?: CVE-2025-15061 is a critical-severity vulnerability in Framelink Figma Mcp Server, classified under OS Command Injection. CVSS score: 9.8/10. Published 2026-01-23.
How severe is CVE-2025-15061?: Critical severity. CVSS v3 base score is 9.8 out of 10.