CVE-2025-64716
Published: Nov 13, 2025
Modified: Nov 13, 2025
Description
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to `javascript:` URLs, it could still trigger dangerous behavior in some cases. Anybody with a subrequest authentication may be affected. Version 1.23.0 contains a fix for the issue.
| Vendor | Product | Versions |
|---|---|---|
TecharoHQ | anubis | affected < 1.23.0 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now