4 matches found
CVE-2025-64716
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not validate the redirect URL and redirected users to any URL scheme. While most...
CVE-2025-64716
CVE-2025-64716 affects the Anubis Web AI Firewall Utility. Prior to version 1.23.0, the subrequest authentication flow did not validate the redirect URL, allowing redirects to arbitrary URL schemes and potentially triggering dangerous behavior (e.g., XSS via redirect parameters) in some contexts....
CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not validate the redirect URL and redirected users to any URL scheme. While most...
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...