PT-2025-46775 · Anubis · Anubis

Published 2025-10-30 · Updated 2025-11-13 · CVE-2025-64716

CVSS v4.0: 5.1 (Medium)

AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

Anubis versions prior to 1.23.0

Description

Anubis, a Web AI Firewall Utility designed to protect upstream resources from scraper bots, had a flaw in its subrequest authentication process. Before version 1.23.0, the software did not validate the redirect URL, potentially allowing redirection to any URL scheme. While modern browsers generally block redirects to javascript: URLs, some browsers could be susceptible to dangerous behavior. The issue affects anyone utilizing subrequest authentication.

Recommendations

Update to version 1.23.0 or later.
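
For teams reviewing their own redirect handling alongside the upgrade, the following added example shows the kind of check the description says was missing: it accepts only same-site paths or http(s) URLs on an allowlisted host. It is not Anubis code and not the project's actual patch; `safeRedirect`, `errBadRedirect` and the host `app.example.test` are hypothetical names chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

var errBadRedirect = errors.New("redirect target rejected")

// safeRedirect (hypothetical helper) returns the redirect target only if it is
// a same-site path or an http(s) URL whose host is in allowedHosts.
func safeRedirect(raw string, allowedHosts map[string]bool) (string, error) {
	// Browsers and net/url normalise backslashes and control characters differently: refuse them.
	for _, r := range raw {
		if r == '\\' || r < 0x20 || r == 0x7f {
			return "", errBadRedirect
		}
	}
	u, err := url.Parse(raw) // Parse lowercases the scheme for us
	if err != nil {
		return "", errBadRedirect
	}
	switch {
	case u.Scheme == "" && u.Host == "":
		// Relative reference: accept only an absolute path on this site.
		if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") {
			return "", errBadRedirect
		}
		return raw, nil
	case u.Scheme == "http" || u.Scheme == "https":
		// Absolute URL: no userinfo, and the host must be one we explicitly serve.
		if u.User != nil || !allowedHosts[strings.ToLower(u.Hostname())] {
			return "", errBadRedirect
		}
		return u.String(), nil
	default: // javascript:, data:, file:, scheme-relative //host, and so on
		return "", errBadRedirect
	}
}

func main() {
	allowed := map[string]bool{"app.example.test": true} // constructed sample host
	for _, in := range []string{"/dashboard", "https://app.example.test/x", "javascript:alert(1)", "//evil.example.test/"} {
		out, err := safeRedirect(in, allowed)
		fmt.Printf("%-32q -> %q %v\n", in, out, err)
	}
}
```
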

Exploit

Fix

XSS

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-64716
GHSA-CF57-C578-7JVV
GO-2025-4086

Affected Products

Anubis