How to fix CVE-2025-34072?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Is Anthropic affected by CVE-2025-34072?

CVE-2025-34072 presents critical security risk, a input validation vulnerability rated CVSS 9.3. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

Anthropic CVE-2025-34072

EUVD-2025-19718 CRITICAL

Improper Input Validation (CWE-20)

2025-07-02 [email protected]

Information Disclosure

9.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 01:55 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:55 euvd

EUVD-2025-19718

CVE Published

Jul 02, 2025 - 14:15 nvd

CRITICAL 9.3

DescriptionNVD

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.

Analysis

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Improper Input Validation (CWE-20).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-34072 vulnerability details – vuln.today

Back