CVE-2025-64716 identifies a cross-site scripting vulnerability in TecharoHQ's Anubis Web AI Firewall Utility, specifically in versions before 1.23.0. Anubis functions as a protective layer against scraper bots by challenging user connections and authenticating subrequests. However, when subrequest authentication is enabled, the software fails to properly validate the redirect URL parameter, allowing redirection to arbitrary URL schemes, including potentially dangerous ones like 'javascript:'. This improper neutralization of input during web page generation corresponds to CWE-79 and also relates to open redirect issues (CWE-601). Although modern browsers generally prevent redirects to 'javascript:' URLs, certain browser configurations or older versions might still execute the injected scripts, leading to client-side code execution. The vulnerability does not require authentication but does require user interaction (clicking or following a redirect). The CVSS 4.0 base score is 5.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, and user interaction needed. The scope is high because the vulnerability affects the security boundary of the system. No known exploits have been reported in the wild as of the publication date (November 13, 2025). The vendor fixed the issue in Anubis version 1.23.0 by implementing proper validation of redirect URLs to restrict allowed schemes and prevent unsafe redirects.

For European organizations, this vulnerability poses a risk primarily to web users interacting with services protected by Anubis with subrequest authentication enabled. Successful exploitation could allow attackers to execute malicious scripts in users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. This undermines the confidentiality and integrity of user data and may damage organizational reputation. Since Anubis is used as a firewall utility to protect upstream resources, exploitation could also indirectly affect availability if attackers leverage the vulnerability to bypass protections or cause denial-of-service conditions through crafted redirects. The medium severity indicates a moderate risk, but the impact could be significant in sectors with sensitive data or high regulatory requirements such as finance, healthcare, and government. Organizations relying on Anubis for bot mitigation and authentication should prioritize patching to maintain trust and compliance with European data protection standards.

European organizations using TecharoHQ Anubis should immediately upgrade to version 1.23.0 or later, where the vulnerability is fixed. In addition to patching, administrators should audit configurations to ensure subrequest authentication is correctly implemented and that redirect URLs are restricted to safe, expected schemes (e.g., HTTPS). Implementing Content Security Policy (CSP) headers can help mitigate the impact of potential XSS by restricting script execution sources. Monitoring web traffic for unusual redirect patterns or user complaints related to unexpected redirects can aid in early detection. Security teams should educate users about the risks of clicking suspicious links and consider deploying web application firewalls (WAFs) with rules to detect and block malicious redirect attempts. Finally, conduct regular security assessments and penetration tests focusing on authentication and redirect mechanisms to identify similar weaknesses proactively.