CVE-2025-24369
Description
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.
Is your site exposed to CVE-2025-24369?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-24369? +
How do I check if I'm vulnerable to CVE-2025-24369? +
Related Vulnerabilities
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve …
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally …
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. …
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to …
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to …