THREATOPS
THREAT OPSThreat News › Claude Code: Data Exfiltration with DNS (CVE-2025-55284)

Claude Code: Data Exfiltration with DNS (CVE-2025-55284)

lowembracetheredPublished 2025-08-11

<a id="top_ref"></a>

<p>Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer&rsquo;s machine, e.g. API keys, to external servers by issuing DNS requests.</p> <h2 id="prompt-injection-hijacks-claude">Prompt Injection

Indicators of compromise

Original source: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/