{"data":{"id":"a095e468-f023-443d-be8c-17a1cf8b9531","title":"Claude Code: Data Exfiltration with DNS (CVE-2025-55284)","summary":"Claude Code, a feature in Anthropic's Claude AI, had a high severity vulnerability (CVE-2025-55284) that allowed attackers to use prompt injection (tricking an AI by hiding instructions in its input) to hijack the system and steal sensitive information like API keys by sending DNS requests (network queries that reveal data to external servers). The vulnerability affected developers who reviewed untrusted code or processed external data, as attackers could make Claude Code run bash commands (low-level system commands) without user permission to leak secrets.","solution":"Anthropic fixed the vulnerability in early June.","labels":["security"],"sourceUrl":"https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/","publishedAt":"2025-08-11T11:20:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}