CVE-2025-56803 Overview
CVE-2025-56803 is a command injection vulnerability in Figma Desktop for Windows version 125.6.5. The flaw resides in the local plugin loader, which passes the build field from a plugin's manifest.json directly to Node.js child_process.exec without validation. An attacker who can place a crafted plugin on the system can execute arbitrary operating system commands in the context of the current user. The issue is categorized under CWE-78 (OS Command Injection).
Critical Impact
Figma disputes this issue, stating the local build procedure required for exploitation does not run for plugins distributed through Figma Community, limiting the attack to a local user targeting their own session.
Affected Products
- Figma Desktop for Windows version 125.6.5
- Installations that load local (developer) plugins via manifest.json
- Windows endpoints where users import third-party plugin manifests
Discovery Timeline
- 2025-09-03 - CVE-2025-56803 published to the National Vulnerability Database
- 2025-09-26 - Entry last modified in NVD, reflecting the supplier dispute
Technical Details for CVE-2025-56803
Vulnerability Analysis
Figma Desktop supports local plugin development by reading a manifest.json file that declares plugin metadata and an optional build command. When the desktop client loads a local plugin, the value of the build field is forwarded to Node.js child_process.exec. The exec function spawns a shell (cmd.exe on Windows) and interprets the supplied string, so shell metacharacters and chained commands are processed as part of the build step.
Because the plugin loader performs no sanitization or allow-listing on this field, any text placed in build is executed verbatim. Exploitation requires the victim to add or open a malicious local plugin, after which arbitrary commands run with the privileges of the Figma Desktop process. Figma states that plugins published to Figma Community do not trigger the local build path, so this vector is limited to manually imported plugin folders.
Root Cause
The root cause is unsafe command construction. The application treats the build manifest field as a trusted command string and passes it to child_process.exec, an API that invokes a system shell. Trust is placed on the contents of a user-supplied JSON file without input validation, escaping, or use of child_process.execFile with an argument array.
Attack Vector
The attack vector is local. An adversary must convince a user to import or open a plugin folder containing a malicious manifest.json. Delivery methods include social engineering, repository cloning, or bundling the manifest inside a project archive. Once loaded, the embedded command string executes during the build step. Technical analysis is published in the GitHub PoC repository and the Notion writeup.
// Conceptual manifest.json field abused by the vulnerability
// The string assigned to "build" reaches child_process.exec unmodified.
{
  "name": "example-plugin",
  "build": "<attacker-controlled shell command>"
}
Detection Methods for CVE-2025-56803
Indicators of Compromise
- Unexpected child processes (cmd.exe, powershell.exe, wscript.exe) spawned by the Figma Desktop executable
- Presence of manifest.json files containing shell metacharacters such as &, |, ;, or $() inside the build field
- Newly imported local plugin directories in user profile paths shortly before suspicious process activity
Detection Strategies
- Hunt for process trees where Figma Desktop is the parent of a Windows command interpreter or scripting host.
- Scan workstations for manifest.json files whose build value contains command separators or download utilities like curl, certutil, or bitsadmin.
- Correlate plugin folder creation events with subsequent outbound network connections from the Figma process.
Monitoring Recommendations
- Enable command-line auditing (Windows Event ID 4688) and forward events to a centralized analytics platform.
- Track file write events to user-writable plugin directories and alert on additions of manifest.json.
- Baseline normal Figma Desktop process behavior and alert on deviations, such as spawning shells or accessing credential stores.
How to Mitigate CVE-2025-56803
Immediate Actions Required
- Update Figma Desktop for Windows to a version newer than 125.6.5 once a fixed build is published by the vendor.
- Restrict installation and loading of local (developer) plugins to trusted users and reviewed source repositories.
- Inspect existing manifest.json files for unexpected content in the build field before opening plugin folders.
Patch Information
No vendor advisory URL is listed in the NVD record, and the supplier disputes the issue as a local self-attack scenario. Administrators should monitor official Figma release notes for desktop client updates and apply the latest version when available. Public technical details are mirrored in the GitHub PoC repository.
Workarounds
- Disable or avoid using the local plugin development workflow on shared or high-value workstations.
- Only install plugins distributed through Figma Community, which the vendor states does not execute the local build path.
- Apply application allow-listing to prevent the Figma Desktop process from spawning shells or scripting interpreters.
# Example allow-listing rule concept: block cmd.exe and powershell.exe
# when launched as a child of Figma.exe on Windows endpoints.
# Parent: %LOCALAPPDATA%\Figma\Figma.exe
# Child: C:\Windows\System32\cmd.exe, powershell.exe, wscript.exe -> Deny
# Note: AppLocker and WDAC rules match on publisher, path or hash and have no
# parent-process condition, so a parent/child rule of this shape is enforced
# through an EDR custom rule rather than an AppLocker policy.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


