CVE-2025-34072

CRITICAL EPSS 29.0%
Published Jul 2, 20251y ago · Modified Jun 17, 20262w ago
9.3 CVSS 4.0
Critical
Find Similar
Published Jul 2, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.

CVSS Details

Base Score
9.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
29.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-20 Improper Input Validation Validation
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

References 2

  • embracethered.com https://embracethered.com/blog/posts/2025/security-advisory-anthropic-slack-mcp-server-data-leakage/
  • vulncheck.com https://vulncheck.com/advisories/anthropic-slack-mcp-server-data-exfiltration

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.