
CVE-2025-54414: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in TecharoHQ anubis

Medium
Tags: Vulnerability, CVE-2025-54414, CWE-80, CWE-601
Published: Sat Jul 26 2025 (07/26/2025, 03:30:28 UTC)
Source: CVE Database V5
Vendor/Project: TecharoHQ
Product: anubis

Description

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript code or trigger other nonstandard schemes. An incomplete version of this fix was tagged at 1.21.2 and then the release process was aborted upon final testing. To work around this issue: block any requests to the /.within.website/x/cmd/anubis/api/pass-challenge route with the ?redir= parameter set to anything that doesn't start with the URL scheme http, https, or no scheme (local path redirect). This was fixed in version 1.21.3.

AI-Powered Analysis

Last updated: 07/26/2025, 04:04:25 UTC

Technical Analysis

CVE-2025-54414 is a medium-severity vulnerability affecting TecharoHQ's Anubis Web AI Firewall Utility versions prior to 1.21.3. Anubis is designed to protect upstream web resources from scraper bots by challenging user connections. The vulnerability arises from improper neutralization of script-related HTML tags (CWE-80) combined with an open redirect issue (CWE-601) in the pass-challenge mechanism. Specifically, attackers can craft malicious pass-challenge pages targeting the endpoint /.within.website/x/cmd/anubis/api/pass-challenge with a ?redir= parameter that allows arbitrary JavaScript execution or triggering of nonstandard URI schemes. This occurs because the input validation on the ?redir= parameter is insufficient, allowing redirection to URLs with schemes other than http, https, or local paths, enabling cross-site scripting (XSS) attacks. The vulnerability was partially addressed in version 1.21.2 but the fix was incomplete and the release aborted. The issue was fully resolved in version 1.21.3. Exploitation requires user interaction (the user must access the crafted URL), but no authentication or privileges are needed, and the attack vector is network accessible. The CVSS 4.0 score is 5.1 (medium), reflecting the moderate impact on confidentiality and integrity with limited availability impact. No known exploits are currently in the wild. The vulnerability could be leveraged to execute arbitrary JavaScript in the context of the vulnerable web application, potentially leading to session hijacking, credential theft, or further attacks against users or backend systems.

Potential Impact

For European organizations using TecharoHQ's Anubis firewall utility, this vulnerability poses a risk of client-side script injection that can compromise user sessions and data confidentiality. Since Anubis is positioned as a protective layer against scraper bots, a successful XSS attack could undermine trust in the security controls and potentially allow attackers to bypass protections or manipulate user interactions. This could lead to data leakage, unauthorized actions performed on behalf of users, or the spread of malware through injected scripts. Organizations relying on Anubis to secure sensitive web applications or APIs may face reputational damage and regulatory scrutiny under GDPR if user data is compromised. The medium severity suggests that while the threat is not critical, it is significant enough to warrant prompt remediation to prevent exploitation, especially in sectors with high compliance requirements such as finance, healthcare, and government services prevalent in Europe.

Mitigation Recommendations

1. Upgrade Anubis to version 1.21.3 or later immediately, as this version contains the complete fix for the vulnerability.
2. Until the upgrade can be performed, implement a strict web application firewall (WAF) or reverse proxy rule to block requests to the /.within.website/x/cmd/anubis/api/pass-challenge endpoint where the ?redir= parameter contains URL schemes other than http, https, or local paths.
3. Conduct thorough input validation and sanitization on all user-controllable parameters, especially those involved in redirection or challenge-response flows.
4. Monitor web server and application logs for suspicious requests targeting the vulnerable endpoint to detect potential exploitation attempts.
5. Educate users about the risks of clicking on untrusted links and implement Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks.
6. Perform regular security assessments and penetration testing focused on client-side injection vulnerabilities in web-facing components.
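The scheme allowlist that the workaround in the description and mitigation 2 describe, written as an added example in Go (the language Anubis is implemented in); this is not Anubis's own code or its actual fix, and the names SafeRedirect and GuardRedir are hypothetical. It goes slightly beyond the stated workaround: http/https URLs must carry a host, and scheme-less values must be rooted paths rather than protocol-relative "//host" references, which a browser would follow off-site.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// SafeRedirect (hypothetical helper, not Anubis's code) applies the advisory's
// allowlist: http/https URLs and local paths pass, every other scheme
// (javascript:, data:, ...) is refused. It also requires a host for http/https
// and rejects network-path references ("//host", "/\host") as non-local.
func SafeRedirect(redir string) bool {
	r := strings.TrimSpace(redir) // browsers tolerate surrounding whitespace
	if r == "" {
		return false
	}
	u, err := url.Parse(r) // url.Parse lowercases the scheme for us
	if err != nil {
		return false // e.g. a relative ref whose first segment contains ':'
	}
	switch u.Scheme {
	case "http", "https":
		return u.Host != ""
	case "": // no scheme: only a rooted same-site path counts as local
		return strings.HasPrefix(r, "/") &&
			!strings.HasPrefix(r, "//") && !strings.HasPrefix(r, "/\\")
	default:
		return false
	}
}

// GuardRedir (hypothetical) is reverse-proxy-style middleware that rejects a
// request whose ?redir= fails SafeRedirect before it reaches the handler.
func GuardRedir(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if redir := r.URL.Query().Get("redir"); redir != "" && !SafeRedirect(redir) {
			http.Error(w, "rejected redir parameter", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}
func main() { // constructed sample values, not taken from any real request
	for _, c := range []string{"/", "/dash?tab=1", "https://example.org/ok",
		"javascript:alert(1)", "//evil.example/", "data:text/html,x"} {
		fmt.Printf("%-26q safe=%v\n", c, SafeRedirect(c))
	}
}
```

Mount GuardRedir in front of the pass-challenge route only; the check is deliberately strict and would reject legitimate absolute URLs without a host such as "http:".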


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-21T23:18:10.280Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68844fe2ad5a09ad005a5aea

Added to database: 7/26/2025, 3:47:46 AM

Last enriched: 7/26/2025, 4:04:25 AM

Last updated: 7/26/2025, 4:04:25 AM

