CVE-2025-34072 | THREATINT

Description

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-02 | Updated 2025-07-02 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-20 Improper Input Validation

Product status

Default status

unaffected

Any version

affected

Credits

wunderwuzzi of Embrace The Red finder

References

embracethered.com/...nthropic-slack-mcp-server-data-leakage/ third-party-advisory technical-description exploit

vulncheck.com/...nthropic-slack-mcp-server-data-exfiltration third-party-advisory

cve.org (CVE-2025-34072)

nvd.nist.gov (CVE-2025-34072)

Download JSON