PT-2025-30951 · Anubis

Xe · Published 2025-07-26 · Updated 2025-07-29 · CVE-2025-54414

CVSS v4.0: 5.1 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Anubis versions 1.21.2 and below

Description

Anubis is a Web AI Firewall Utility designed to protect upstream resources from scraper bots. Attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript code or trigger other nonstandard schemes. The incomplete fix was initially tagged in version 1.21.2, but the release was aborted. The issue is addressed in version 1.21.3.

Recommendations

Block any request to the /api/pass-challenge route whose redir parameter starts with a URL scheme other than http or https; values with no scheme (local path redirects) are allowed. Update to version 1.21.3.
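
One way to apply the blocking rule above in front of an unpatched instance, as an added example that is not Anubis's own code or its 1.21.3 fix. The names redirAllowed and guardPassChallenge are hypothetical, and the route is assumed to be served at exactly /api/pass-challenge with redir in the query string.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// redirAllowed applies the advisory's rule to one redir value: only http,
// https, or no scheme (local path redirect) pass. Anything that does not
// parse as a URL is rejected.
func redirAllowed(redir string) bool {
	u, err := url.Parse(redir)
	if err != nil {
		// Fail closed: control characters, leading whitespace before a
		// scheme and malformed escapes all end up here.
		return false
	}
	switch u.Scheme { // url.Parse lower-cases the scheme
	case "", "http", "https":
		return true
	}
	return false
}

// guardPassChallenge (hypothetical middleware) answers 400 when any redir
// value on the pass-challenge route fails the check, so a repeated
// parameter cannot bypass it.
func guardPassChallenge(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/api/pass-challenge" {
			for _, v := range r.URL.Query()["redir"] {
				if !redirAllowed(v) {
					http.Error(w, "invalid redir", http.StatusBadRequest)
					return
				}
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed sample values, not taken from the advisory.
	samples := []string{"/docs", "https://example.org/a", "javascript:alert(1)",
		"JaVaScRiPt:alert(1)", "data:text/html,x", " javascript:x"}
	for _, v := range samples {
		fmt.Printf("%-26q allowed=%v\n", v, redirAllowed(v))
	}
}
```

The filter is a stopgap for hosts that cannot be upgraded yet; the advisory's fix is the update to version 1.21.3.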

Exploit

Fix

Open Redirect

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2025-9752
CVE-2025-54414
GHSA-JHJJ-2G64-PX7C

Affected Products

Alt Linux
Anubis