CVE-2025-34072: A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automat
Summary
A vulnerability exists in Anthropic's deprecated Slack MCP Server (Model Context Protocol Server, a tool that lets AI agents interact with Slack) that allows attackers to steal sensitive data. When an AI agent processes untrusted input, an attacker can trick it into creating messages with malicious links that, when Slack's link preview bots automatically expand them, secretly send private data to the attacker's server without requiring any user action.
Vulnerability Details
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-34072
First tracked: February 15, 2026 at 08:49 PM