76 matches found
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...
Figma Desktop Security Vulnerability
Figma Desktop is a vector graphics editor and prototyping tool from Figma. A security vulnerability exists in Figma Desktop version 125.6.5, which stems from a command injection vulnerability in the local plugin loader that could lead to remote code execution...
PT-2025-35802
Name of the Vulnerable Software and Affected Versions: Figma Desktop versions 125.6.5 Description: Figma Desktop for Windows version 125.6.5 contains a command injection issue in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin'...
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...
Exploit for CVE-2025-56803
CVE-2025-56803 Command Injection Vulnerability via Plugin...
Malicious code in @amber-team/figma-utils (npm)
The package @amber-team/figma-utils was found to contain malicious code...
Malicious code in figma-to-streamlit (npm)
The package figma-to-streamlit was found to contain malicious code...
MAL-2025-7057 Malicious code in @amber-team/figma-utils (npm)
The package @amber-team/figma-utils was found to contain malicious code...
MAL-2025-20520 Malicious code in figma-api-spellcheck (npm)
The package figma-api-spellcheck was found to contain malicious code...
MAL-2025-20521 Malicious code in figma-to-streamlit (npm)
The package figma-to-streamlit was found to contain malicious code...
MAL-2025-17335 Malicious code in com.microsoft.mixedreality.toolkit.figmabridge (npm)
The package com.microsoft.mixedreality.toolkit.figmabridge was found to contain malicious code...
Malicious code in figma-api-spellcheck (npm)
The package figma-api-spellcheck was found to contain malicious code...
Malicious code in pexels-figma (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in figma-plugins-and-widgets (npm)
Source: ghsa-malware 250144845a9dd4a7a0bea8a44c06f50652890d4ab2f0fb860bb51a5a14ea1a54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1647 Malicious code in figma-plugins-and-widgets (npm)
Source: ghsa-malware 250144845a9dd4a7a0bea8a44c06f50652890d4ab2f0fb860bb51a5a14ea1a54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@agent_z/egg (>=1.0.0 <=1.0.2), @ccci/micro-server (>=1.0.57 <=1.0.132) +16 more potentially affected by CVE-2024-21548 via bun (>=0.0.2 <=1.1.3)
bun NPM version =0.0.2, =1.0.0, =1.0.57, =1.0.0, =0.0.0, =0.0.2, =0.0.3, =0.0.2, =0.0.3, =0.2.0, =0.0.55, =0.1.0, =0.1.1 and more Source cves: CVE-2024-21548 Source advisory: SNYK:JS-BUN-8499549...
@adaptive-web/adaptive-ui (>=0.4.1 <=0.13.1), @adaptive-web/adaptive-ui-designer-core (>=0.1.0 <=0.6.0) +188 more potentially affected by CVE-2024-51757 via happy-dom (>=0.0.1 <=15.0.0)
happy-dom NPM version =0.0.1, =0.4.1, =0.1.0, =0.1.0, =0.6.1, =0.11.0, =16.0.0, =0.0.1-beta.9, =0.0.1-beta.3, =0.0.1-alpha.0, =0.0.1-alpha.2, =0.1.2, =0.0.2, =1.0.4, =1.0.306 - @devsisters/gatsby-preset =3.0.0-rc - @devsisters/gatsby-stack =2.0.0-rc and more Source cves: CVE-2024-51757 Source...
Malicious code in figma-include-accessibility-annotations (npm)
Source: ghsa-malware fcb17fd8a376f1c1967e4a54049e96bf34f63f71f41e75262db53f96e883d43d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8719 Malicious code in figma-include-accessibility-annotations (npm)
Source: ghsa-malware fcb17fd8a376f1c1967e4a54049e96bf34f63f71f41e75262db53f96e883d43d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in figma-ping (npm)
Source: ghsa-malware ebe1815dd250b41e64f2909a2e5146f9cd629767dda41d0a8b14058b18463501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...