Medium severityOSV Advisory· Published Nov 13, 2025· Updated Apr 15, 2026

CVE-2025-64716

Description

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. Anybody with a subrequest authentication may be affected. Version 1.23.0 contains a fix for the issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/TecharoHQ/anubisGo	< 1.23.0	1.23.0

Affected products

Techarohq/AnubisOSV
Range: 1.17.0-beta2, v1.12.1, v1.13.0, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-cf57-c578-7jvvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-64716ghsaADVISORY
github.com/TecharoHQ/anubis/commit/7ed1753fcced351c81961bf520a7bfb2caac6e88nvdWEB
github.com/TecharoHQ/anubis/security/advisories/GHSA-cf57-c578-7jvvnvdWEB
pkg.go.dev/vuln/GO-2025-4086nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000