
CVE-2025-54414: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in TecharoHQ anubis

Medium
Tags: Vulnerability, CVE-2025-54414, cve, cve-2025-54414, cwe-80, cwe-601
Published: Sat Jul 26 2025 (07/26/2025, 03:30:28 UTC)
Source: CVE Database V5
Vendor/Project: TecharoHQ
Product: anubis

Description

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript code or trigger other nonstandard schemes. An incomplete version of this fix was tagged at 1.21.2 and then the release process was aborted upon final testing. To work around this issue: block any requests to the /.within.website/x/cmd/anubis/api/pass-challenge route with the ?redir= parameter set to anything that doesn't start with the URL scheme http, https, or no scheme (local path redirect). This was fixed in version 1.21.3.

AI-Powered Analysis

AI Last updated: 08/03/2025, 01:07:51 UTC

Technical Analysis

CVE-2025-54414 is a medium-severity vulnerability affecting TecharoHQ's Anubis Web AI Firewall Utility versions prior to 1.21.3. Anubis is designed to protect upstream web resources from scraper bots by challenging user connections. The vulnerability arises from improper neutralization of script-related HTML tags (CWE-80) and open redirect issues (CWE-601) in the pass-challenge page functionality. Specifically, attackers can craft malicious URLs targeting the /.within.website/x/cmd/anubis/api/pass-challenge endpoint with a ?redir= parameter that allows injection of arbitrary JavaScript code or triggers nonstandard URL schemes. This leads to a reflected Cross-Site Scripting (XSS) attack, enabling execution of arbitrary scripts in the context of the victim's browser. The vulnerability was partially addressed in version 1.21.2 but the fix was incomplete and the release was aborted. The definitive fix was introduced in version 1.21.3. The vulnerability does not require authentication (AV:N), has low attack complexity (AC:L), no privileges required (PR:N), but requires user interaction (UI:A). The impact on confidentiality and integrity is low, with no impact on availability. The scope is limited to the affected Anubis installations. The recommended workaround before patching is to block requests to the vulnerable endpoint when the ?redir= parameter is set to anything other than URLs starting with http, https, or local path redirects, preventing exploitation via malicious redirection or script injection.

Potential Impact

For European organizations using TecharoHQ Anubis versions below 1.21.3, this vulnerability could allow attackers to execute arbitrary JavaScript in users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of users. While the direct impact on backend systems is limited, the exploitation of this XSS vulnerability could compromise user trust and lead to data leakage or phishing attacks. Organizations relying on Anubis for bot mitigation may see reduced effectiveness if attackers exploit this flaw to bypass protections or manipulate challenge pages. Given the medium severity and requirement for user interaction, the risk is moderate but significant in environments with high user traffic or sensitive data. The vulnerability could also be leveraged in targeted attacks against web applications protected by Anubis, especially if combined with social engineering to induce user clicks on malicious links.

Mitigation Recommendations

1. Immediately upgrade TecharoHQ Anubis to version 1.21.3 or later, where the vulnerability is fully patched.
2. Implement strict input validation and sanitization on the ?redir= parameter to accept only safe URL schemes (http, https) or local paths, blocking all others.
3. Configure web application firewalls (WAFs) or reverse proxies to detect and block requests to the /.within.website/x/cmd/anubis/api/pass-challenge endpoint with suspicious or malformed ?redir= parameters.
4. Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of potential XSS attacks.
5. Conduct user awareness training to recognize suspicious URLs and avoid clicking on untrusted links.
6. Monitor logs for unusual access patterns or repeated requests to the vulnerable endpoint that could indicate exploitation attempts.
7. If upgrading immediately is not feasible, apply the recommended workaround by blocking requests with unsafe ?redir= parameter values at the network or application level.
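The allow-list described in the Description's workaround and in recommendation 2 above (only http, https, or a scheme-less local path may be a redirect target) can be expressed as a small validator. The following Go code is an added example written for this page; it is not Anubis's own code or its actual fix. The function name SafeRedirect, the handler passChallengeHandler, the treatment of an empty ?redir= as "/" and the extra rejection of backslashes and protocol-relative paths are assumptions of this example that go slightly beyond the advisory's wording; the endpoint path is the one named in the advisory.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// allowedSchemes is the allow-list from the advisory's workaround:
// absolute http(s) URLs are fine; everything else with a scheme is not.
var allowedSchemes = map[string]bool{"http": true, "https": true}

// SafeRedirect validates a ?redir= value and returns the target to use.
// ok is false for anything that is not an absolute http(s) URL or a local
// absolute path. An empty value is treated as "no redirect requested" and
// maps to "/" (an assumption of this example, not Anubis behaviour).
func SafeRedirect(raw string) (target string, ok bool) {
	if raw == "" {
		return "/", true
	}
	// Control characters never belong in a legitimate target and can confuse
	// downstream parsers (e.g. header injection), so reject them outright.
	for _, c := range raw {
		if c < 0x20 || c == 0x7f {
			return "", false
		}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", false
	}
	scheme := strings.ToLower(u.Scheme)
	switch {
	case scheme == "":
		// Scheme-less input must be a local absolute path. Go parses
		// "//evil.example" into u.Host, and "///evil.example" into a path
		// starting with "//" that some browsers treat as host-bearing, so
		// require an empty host and a path starting with exactly one slash.
		// Backslashes are rejected because browsers normalise "\" to "/" in
		// special schemes, turning "/\evil.example" into "//evil.example".
		if u.Host != "" || !strings.HasPrefix(u.Path, "/") ||
			strings.HasPrefix(u.Path, "//") || strings.Contains(u.Path, `\`) {
			return "", false
		}
		return u.String(), true
	case allowedSchemes[scheme]:
		// Absolute http(s) URL: require a host so that opaque forms such as
		// "http:payload" (no authority) are rejected.
		if u.Host == "" || u.Opaque != "" {
			return "", false
		}
		return u.String(), true
	default:
		// javascript:, data:, vbscript:, file:, custom app schemes, ...
		return "", false
	}
}

// passChallengeHandler is a minimal stand-in (not Anubis's handler) that
// shows where the validation sits: the check happens before any redirect
// or page rendering uses the parameter.
func passChallengeHandler(w http.ResponseWriter, r *http.Request) {
	target, ok := SafeRedirect(r.URL.Query().Get("redir"))
	if !ok {
		http.Error(w, "invalid redirect target", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, target, http.StatusFound)
}

func main() {
	// Constructed sample inputs, mixing legitimate targets with the kinds of
	// values the advisory says must be blocked.
	samples := []string{
		"/", "/dashboard?tab=1", "https://example.com/x",
		"javascript:alert(1)", "//evil.example/", "data:text/html,hi",
	}
	for _, in := range samples {
		t, ok := SafeRedirect(in)
		fmt.Printf("%-24q -> ok=%-5v target=%q\n", in, ok, t)
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/.within.website/x/cmd/anubis/api/pass-challenge", passChallengeHandler)
	// http.ListenAndServe(":8080", mux) // uncomment to serve the handler locally
}
```

The same predicate is what a WAF or reverse-proxy rule in front of an unpatched instance (recommendation 3 and 7) needs to express: accept the request only when the decoded ?redir= value would pass SafeRedirect, and log the rejected values to support the monitoring in recommendation 6. Note that a rule which merely looks for the literal string "javascript:" is weaker than this allow-list, since data:, vbscript: and app-specific schemes are equally out of policy.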


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-21T23:18:10.280Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68844fe2ad5a09ad005a5aea

Added to database: 7/26/2025, 3:47:46 AM

Last enriched: 8/3/2025, 1:07:51 AM

Last updated: 9/7/2025, 12:01:40 PM

Views: 31
