Claude Code: Data Exfiltration with DNS (CVE-2025-55284) · Embrace The Red
A good ol' exfiltration-via-DNS attack. Some day the LLM community will stop reinventing all the classic exploits, I have to assume -- but today is not that day.
(Step one in that process would be to realise that embedding user input into the prompt is a classic in-band signalling vulnerability, which has nearly 60 years of documented infosec history since the days of 2600Hz tones and blue boxes.)
Tags: exfiltration dns ping attacks exploits llms claude claude-code security infosec