CVE-2025-56803
Published: 03 September 2025
Summary
CVE-2025-56803 is a high-severity OS Command Injection (CWE-78) vulnerability in Figma Desktop. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 49.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-56803 is a command injection vulnerability (CWE-78) in the local plugin loader of Figma Desktop for Windows version 125.6.5. The flaw occurs when a crafted "build" field in a plugin's manifest.json is passed directly to child_process.exec without validation, allowing execution of arbitrary OS commands and potential remote code execution (RCE). It has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Exploitation requires a local attacker to create or load a malicious plugin on the machine and trigger the build procedure, which executes the injected command. However, the supplier disputes the vulnerability's severity, stating that it only enables a local user to attack themselves, since the local build procedure is not used for plugins shared to the Figma Community.
Details on the issue, including proof-of-concept, are documented in researcher advisories at https://github.com/shinyColumn/CVE-2025-56803 and https://shinycolumn.notion.site/figma-command-injection. No patches or official mitigations from Figma are referenced in available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-26625
Vulnerability details
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to possible RCE. NOTE: this is disputed by the Supplier because the behavior only allows a local user to attack himself via a local plugin. The local build procedure, which is essential to the attack, is not executed for plugins shared to the Figma Community.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection vulnerability in Figma Desktop's plugin loader enables arbitrary OS command execution via a crafted 'build' field in manifest.json, passed unsanitized to child_process.exec(), facilitating exploitation for client execution (T1203) and Windows Command Shell (T1059.003).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely identification, reporting, and correction of the command injection flaw in Figma Desktop's local plugin loader.
- SI-10 (Information Input Validation): mandates validation of untrusted inputs such as the crafted 'build' field in the plugin's manifest.json before anything is executed via child_process.exec, preventing command injection.
- CM-11 (User-Installed Software): restricts or requires approval for user-installed plugins, mitigating the loading of locally crafted malicious plugins that exploit the build procedure.