We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-34072

Anthropic Slack MCP Server Data Exfiltration via Link Unfurling



Description

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.

Reserved 2025-04-15 | Published 2025-07-02 | Updated 2025-07-02 | Assigner VulnCheck


CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version
affected

Credits

wunderwuzzi of Embrace The Red finder

References

embracethered.com/...nthropic-slack-mcp-server-data-leakage/ third-party-advisory technical-description exploit

vulncheck.com/...nthropic-slack-mcp-server-data-exfiltration third-party-advisory

cve.org (CVE-2025-34072)

nvd.nist.gov (CVE-2025-34072)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-34072

Support options

Helpdesk Chat, Email, Knowledgebase