CVE-2025-64716 identifies a cross-site scripting vulnerability (CWE-79) in TecharoHQ's Anubis Web AI Firewall Utility, specifically versions before 1.23.0. Anubis functions as a protective layer against scraper bots by challenging user connections and authenticating subrequests. The vulnerability stems from Anubis's failure to validate redirect URLs during subrequest authentication, allowing redirection to arbitrary URL schemes, including potentially dangerous ones like 'javascript:'. While most modern browsers block 'javascript:' redirects to prevent script execution, some edge cases or older browsers might still process these redirects, enabling attackers to execute malicious scripts in the context of the victim's browser session. This can lead to client-side attacks such as session hijacking, phishing, or unauthorized actions performed on behalf of the user. The vulnerability does not require authentication but does require user interaction (clicking or following the redirect). The CVSS 4.0 score of 5.1 reflects a medium severity, considering network attack vector, low attack complexity, no privileges required, but user interaction needed. The scope is high because the vulnerability affects the security boundary of the web application. No known exploits are reported in the wild yet. The issue is resolved in Anubis version 1.23.0 by implementing proper validation of redirect URLs to restrict allowed schemes and prevent unsafe redirects.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data accessed through web applications protected by Anubis. Successful exploitation could allow attackers to execute arbitrary scripts in users' browsers, potentially leading to theft of session tokens, redirection to phishing sites, or unauthorized actions performed with the user's privileges. Organizations relying on Anubis for bot mitigation and web application protection may face increased risk of client-side attacks, undermining trust and potentially causing data breaches or service disruptions. The impact is heightened for sectors with sensitive data or critical infrastructure, such as finance, healthcare, and government services. Additionally, compliance with GDPR and other data protection regulations may be jeopardized if user data is compromised due to this vulnerability. Although exploitation requires user interaction, phishing or social engineering campaigns could facilitate attacks. The medium severity suggests a moderate but actionable risk that should be addressed promptly to avoid escalation or chaining with other vulnerabilities.

European organizations using Anubis should immediately upgrade to version 1.23.0 or later, where the vulnerability is fixed by proper validation of redirect URLs. Until the upgrade is applied, organizations should implement strict input validation and sanitization on any user-controllable redirect parameters at the application layer to prevent unsafe URL schemes. Employ Content Security Policy (CSP) headers to restrict script execution and reduce the impact of potential XSS attacks. Monitor web traffic for unusual redirect patterns or user complaints indicative of exploitation attempts. Educate users about the risks of clicking suspicious links, especially those involving redirects. If feasible, disable subrequest authentication or restrict its usage to trusted sources only. Conduct regular security assessments and penetration testing focusing on redirect and input validation mechanisms. Finally, maintain up-to-date browser versions across the organization to leverage built-in protections against malicious redirects.