CVE-2025-15061 | Framelink Figma MCP Server command injection (ZDI-25-1197)

December 30, 2025 Yanac

A vulnerability was found in Framelink Figma MCP Server. It has been rated as critical. This vulnerability affects unknown code. This manipulation causes command injection.

This vulnerability is tracked as CVE-2025-15061. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More

CVE-2025-15062 | Trimble SketchUp 13.0.4124/24.0.553 SKP File Parser use after free (ZDI-25-1198)
CVE-2025-15059 | GIMP PSP File Parser heap-based overflow (ZDI-25-1196)