Figma Patches Command Injection Vulnerability in Developer Tooling

On October 14, 2025, as part of the monthly 'Patch Tuesday,' a command injection vulnerability identified as CVE-2025-53967 was disclosed and patched in Figma's figma-developer-mcp server. The vulnerability carried a CVSS score of 7.5, indicating a high severity. The patch was included in version 0.6.3 of the affected software. This security update is crucial for developers using Figma's tooling to prevent potential unauthorized command execution. No market reaction or widespread exploitation was mentioned in the immediate reports.

Related News

🟢 FIG is trading 3.06% up today as Q4 revenue beats and AI momentum drives growth

🟢 FIG is trading 15% up today after beating Q4 estimates and issuing strong FY2026 guidance

🟢 FIG is trading 15.7% up today on Q4 earnings beat and 136% Net Dollar Retention

Figma's fourth quarter 2025 revenue accelerated to 40% growth as Net Dollar Retention rose to 136%.

Figma Eyes AI-Driven Growth as Q4 Revenue Forecast Hits $293 Million