Web AI Firewall Utility Exposed to Insecure Redirects by Anubis
CVE-2025-64716

5.1MEDIUM

Key Information:

Vendor

Techarohq

Status
Anubis
Vendor
CVE Published:
13 November 2025

What is CVE-2025-64716?

Anubis, a Web AI Firewall Utility developed by TecharoHQ, has a vulnerability where it fails to validate redirect URLs when using subrequest authentication. This lack of proper validation allows potential redirection to any URL scheme, which could result in unexpected behavior, even triggering malicious scripts. Users who employ subrequest authentication are at risk, highlighting the importance of updating to version 1.23.0, where this issue is resolved.

Affected Version(s)

anubis < 1.23.0

References

https://github.com/TecharoHQ/anubis/security/advisories/G...
x_refsource_CONFIRM
https://github.com/TecharoHQ/anubis/commit/7ed1753fcced35...
x_refsource_MISC
https://pkg.go.dev/vuln/GO-2025-4086
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.