PT-2025-5348 · Anubis+1

Coral Pink · Published 2025-01-27 · Updated 2025-12-28 · CVE-2025-24369

CVSS v4.0: 2.3 (Low)

Vector: AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Anubis versions prior to v1.11.0-37-gd98d70a
Anubis (affected versions not specified, but fixed by commit e09d0226a628f04b1d80fd83bee777894a45cd02)

Description

The issue allows attackers to bypass bot protection by requesting a challenge and passing it with difficulty zero: the attacker can formulate any nonce and the challenge is passed. Technically, the bypass relies on the ability to specify a difficulty value of zero in the challenge, which circumvents the proof-of-work check. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Anubis versions prior to v1.11.0-37-gd98d70a, update to a version that includes the fix from commit e09d0226a628f04b1d80fd83bee777894a45cd02 to prevent the bypass of bot protection. As a temporary workaround, consider modifying the challenge mechanism to prevent clients from specifying a difficulty value of zero until a patch is available.
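
The Description and Recommendations above come down to where the verifier takes its difficulty from. The following is an added example, not code from Anubis or from the fix commit; the function names, the SHA-256 over challenge plus nonce construction, the leading-zero hex-digit rule and the sample challenge are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// serverDifficulty is a constructed policy value: required leading zero hex digits.
const serverDifficulty = 4

// powHash returns hex(SHA-256(challenge || nonce)); this encoding is an assumption.
func powHash(challenge string, nonce int) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s%d", challenge, nonce)))
	return hex.EncodeToString(sum[:])
}

// meets checks the submitted hash and the leading-zero requirement.
func meets(challenge string, nonce int, response string, difficulty int) bool {
	h := powHash(challenge, nonce)
	return h == response && strings.HasPrefix(h, strings.Repeat("0", difficulty))
}

// Flawed pattern: difficulty is read from the request, so 0 makes the prefix check vacuous.
func verifyClientDifficulty(challenge string, nonce int, response string, clientDifficulty int) bool {
	return clientDifficulty >= 0 && meets(challenge, nonce, response, clientDifficulty)
}

// Hardened form: difficulty comes only from server policy; the client cannot lower it.
func verifyServerDifficulty(challenge string, nonce int, response string) bool {
	return meets(challenge, nonce, response, serverDifficulty)
}

// solve does the work an honest client performs for the given difficulty.
func solve(challenge string, difficulty int) (int, string) {
	for nonce := 0; ; nonce++ {
		if h := powHash(challenge, nonce); strings.HasPrefix(h, strings.Repeat("0", difficulty)) {
			return nonce, h
		}
	}
}

func main() {
	const challenge = "constructed-challenge" // sample value, not real Anubis data
	n0, h0 := solve(challenge, 0) // no work: the first nonce tried is returned
	fmt.Println("difficulty 0 from client accepted:", verifyClientDifficulty(challenge, n0, h0, 0))
	fmt.Println("same answer under server policy:", verifyServerDifficulty(challenge, n0, h0))
}
```

A regression test for a verifier of this kind should submit a correct hash for an arbitrary nonce together with a requested difficulty of zero and assert that the request is rejected.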

Weakness Enumeration

Related Identifiers

CVE-2025-24369
GHSA-56W8-8PPJ-2P4F
GO-2025-3424
OPENSUSE-SU-2025:14728-1
OPENSUSE-SU-2025:15847-1
OPENSUSE-SU-2025_0429-1
SUSE-SU-2025:0429-1

Affected Products

Anubis
Suse