CVE-2025-34072
CRITICAL EPSS 29.0%
Published Jul 2, 20251y ago · Modified Jun 17, 20262w ago
9.3 CVSS 4.0
Published Jul 2, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
29.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-20 Improper Input Validation Validation
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
References 2
- embracethered.com https://embracethered.com/blog/posts/2025/security-advisory-anthropic-slack-mcp-server-data-leakage/
- vulncheck.com https://vulncheck.com/advisories/anthropic-slack-mcp-server-data-exfiltration
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.