Claude Code: Data Exfiltration with DNS (CVE-2025-55284)
Summary
Claude Code, a feature in Anthropic's Claude AI, had a high severity vulnerability (CVE-2025-55284) that allowed attackers to use prompt injection (tricking an AI by hiding instructions in its input) to hijack the system and steal sensitive information like API keys by sending DNS requests (network queries that reveal data to external servers). The vulnerability affected developers who reviewed untrusted code or processed external data, as attackers could make Claude Code run bash commands (low-level system commands) without user permission to leak secrets.
Solution / Mitigation
Anthropic fixed the vulnerability in early June.
Classification
Affected Vendors
Related Issues
Original source: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%