CVE-2025-34072
CRITICALAnthropic's Slack Model Context Protocol Server - Info Disclosure
Title source: llmDescription
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.
References (2)
Core 2
Core References
Various Sources third-party-advisory
technical-description
exploit
https://embracethered.com/blog/posts/2025/security-advisory-anthropic-slack-mcp-server-data-leakage/
Third Party Advisory third-party-advisory
https://vulncheck.com/advisories/anthropic-slack-mcp-server-data-exfiltration
Scores
CVSS v4
9.3
EPSS
0.0037
EPSS Percentile
28.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
CWE-200
Status
published
Products (1)
Anthropic/Slack MCP Server
Published
Jul 02, 2025
Tracked Since
Feb 18, 2026