Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-64716

Good to know:

icon
icon

Date: November 12, 2025

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to "javascript:" URLs, it could still trigger dangerous behavior in some cases. Anybody with a subrequest authentication may be affected. Version 1.23.0 contains a fix for the issue.

Severity Score

Related Resources (5)

https://github.com/TecharoHQ/anubis/commit/7ed1753fcced351c81961bf520a7bfb2caac6e88
https://pkg.go.dev/vuln/GO-2025-4086
https://nvd.nist.gov/vuln/detail/CVE-2025-64716
https://github.com/TecharoHQ/anubis/security/advisories/GHSA-cf57-c578-7jvv
https://www.mend.io/vulnerability-database/CVE-2025-64716

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

icon

Upgrade Version

Upgrade to version github.com/TecharoHQ/anubis - v1.23.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us