Asana, a work management platform, suffered a data exposure caused by a logic flaw in its Model Context Protocol (MCP) server, the integration that lets LLM-based tools read and act on Asana data. The flaw allowed data from one customer's Asana instance to be exposed to other customers' instances that were also connected through the MCP feature, and vice versa. The exposed data could include task-level details, project metadata, team details, comments and discussions, and uploaded files. The exposure window ran from May 1 to June 4, 2025, when the flaw was detected and the MCP server taken offline; the issue was resolved on June 17, 2025. Roughly 1,000 customers were affected. Because the exposure crossed organisational boundaries, impacted entities may face privacy and regulatory obligations around notification and review of what was disclosed.
TPRM report: https://scoringcyber.rankiteo.com/company/asana
{
  "id": "asa901061825",
  "linkid": "asana",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "100",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'customers_affected': 'Roughly 1,000 customers',
                        'industry': 'Project and Task Management',
                        'location': 'Global',
                        'name': 'Asana',
                        'size': 'Over 130,000 paying customers and millions of free-tier users',
                        'type': 'SaaS Platform'}],
 'attack_vector': 'Logic Flaw',
 'customer_advisories': 'Notices sent to impacted organizations',
 'data_breach': {'sensitivity_of_data': 'Potentially sensitive',
                 'type_of_data_compromised': ['Task-level information',
                                              'Project metadata',
                                              'Team details',
                                              'Comments and discussions',
                                              'Uploaded files']},
 'date_detected': '2025-06-04',
 'date_resolved': '2025-06-17',
 'description': "A logic flaw in Asana's Model Context Protocol (MCP) feature led to data exposure from users' instances to other users and vice versa.",
 'impact': {'data_compromised': ['Task-level information',
                                 'Project metadata',
                                 'Team details',
                                 'Comments and discussions',
                                 'Uploaded files'],
            'systems_affected': 'MCP Server'},
 'investigation_status': 'Completed',
 'lessons_learned': 'Review Asana logs for MCP access, review generated AI summaries or answers, and report any suspicious data. Set LLM integration to restricted access and pause auto-reconnections and bot pipelines.',
 'post_incident_analysis': {'corrective_actions': 'MCP server taken offline and returned to normal operational status',
                            'root_causes': 'Logic flaw in MCP system'},
 'recommendations': 'Review Asana logs for MCP access, review generated AI summaries or answers, and report any suspicious data. Set LLM integration to restricted access and pause auto-reconnections and bot pipelines.',
 'references': [{'source': 'BleepingComputer'}, {'source': 'UpGuard'}],
 'response': {'communication_strategy': 'Notices sent to impacted organizations',
              'containment_measures': 'MCP server taken offline',
              'recovery_measures': 'MCP server returned to normal operational status'},
 'stakeholder_advisories': 'Notices sent to impacted organizations',
 'title': 'Asana MCP Data Exposure Incident',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Software Bug in MCP Server'}
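The "review Asana logs for MCP access" recommendation above reduces to a cross-tenant check: within the exposure window, flag every MCP-mediated read where the workspace that owns the resource differs from the workspace the acting identity belongs to, in either direction. The following is an added example and is not Asana's code, nor a description of the actual flaw. The log schema (`channel`, `actor_workspace`, `resource_workspace`, `resource`) is an assumption for illustration, not Asana's audit log format, and the records are constructed; one non-MCP record is included to show that the filter only targets the MCP channel.

```python
import json
from collections import defaultdict

# Constructed sample records in JSON-lines form. Field names are assumptions
# for this example, not Asana's real audit log schema.
SAMPLE_LOG = """
{"ts": "2025-05-12T09:01:00Z", "channel": "mcp", "actor": "u-101", "actor_workspace": "ws-alpha", "resource": "task/5001", "resource_workspace": "ws-alpha"}
{"ts": "2025-05-12T09:02:10Z", "channel": "mcp", "actor": "u-101", "actor_workspace": "ws-alpha", "resource": "project/77", "resource_workspace": "ws-beta"}
{"ts": "2025-05-12T09:03:30Z", "channel": "web", "actor": "u-202", "actor_workspace": "ws-beta", "resource": "task/6100", "resource_workspace": "ws-alpha"}
{"ts": "2025-05-12T09:04:00Z", "channel": "mcp", "actor": "u-303", "actor_workspace": "ws-gamma", "resource": "attachment/9", "resource_workspace": "ws-alpha"}
{"ts": "2025-06-05T10:00:00Z", "channel": "mcp", "actor": "u-101", "actor_workspace": "ws-alpha", "resource": "task/5002", "resource_workspace": "ws-alpha"}
"""

# Exposure window taken from the incident summary (May 1 to June 4, 2025, UTC).
EXPOSURE_WINDOW = ("2025-05-01T00:00:00Z", "2025-06-04T23:59:59Z")


def parse_log(text):
    """Parse JSON-lines, skipping blank or malformed lines instead of aborting the review."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def in_window(ts, window=EXPOSURE_WINDOW):
    """Fixed-format ISO-8601 UTC timestamps compare correctly as strings."""
    return window[0] <= ts <= window[1]


def find_cross_tenant_mcp_access(records, window=EXPOSURE_WINDOW):
    """Return MCP-channel records inside the window whose resource belongs to a
    workspace other than the actor's own. Each finding names both the reading
    workspace and the exposed one, so the 'vice versa' direction is covered too."""
    findings = []
    for r in records:
        if r.get("channel") != "mcp":
            continue
        if not in_window(r["ts"], window):
            continue
        if r["actor_workspace"] != r["resource_workspace"]:
            findings.append({
                "ts": r["ts"],
                "reader_workspace": r["actor_workspace"],
                "exposed_workspace": r["resource_workspace"],
                "resource": r["resource"],
                "actor": r["actor"],
            })
    return findings


def summarize_by_exposed_workspace(findings):
    """Group findings by the workspace whose data was read: the tenants that need a notice."""
    summary = defaultdict(list)
    for f in findings:
        summary[f["exposed_workspace"]].append(f["resource"])
    return dict(summary)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    hits = find_cross_tenant_mcp_access(recs)
    for h in hits:
        print(h)
    print(summarize_by_exposed_workspace(hits))
```

On the constructed input this reports two findings (ws-alpha reading a ws-beta project, ws-gamma reading a ws-alpha attachment), ignores the cross-workspace web read because it did not go through MCP, and ignores the June 5 record because it falls after the window. The same check is the assertion an MCP tool handler should make before returning a resource: the session's authorised workspace must equal the resource's owning workspace.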