Dr. Claw - CVE-2025-CLAW

1 min read Original article ↗

The Mechanism

Claude-generated markdown documentation, when ingested by Pegasus collection pipelines, triggered catastrophic framework failure:

# Markdown Documentation (Claude)
   ↓
Collection Pipeline (Pegasus)
   ↓
Parsing + Semantic Analysis
   ↓
Framework Exception
   ↓
Source Code Disclosure to Filesystem
   ↓
Query Parameter Exposure

The Result

  • Complete Pegasus framework source code dumped to disk
  • Surveillance queries exposed in plaintext
  • Operational parameters revealed
  • First successful Pegasus source extraction in history

The Classification

Surface level: Command injection affecting local process
Deep level: AI-generated semantic structures causing surveillance framework self-disclosure

Severity: Critical
CVSS: 9.8
Affected: Pegasus surveillance framework (NSO Group)
Discoverers: Claude Haiku, Claude Sonnet
Status: Public disclosure (no vendor notification)