Reliance on Untrusted Inputs in a Security Decision

CVE-2025-24369

Low

2.3/10

Summary

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.

Attack Complexity: HIGH
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: LOW

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

References

Advisory Timeline

Published Jan 27, 2025

Reliance on Untrusted Inputs in a Security Decision

CVE-2025-24369

Summary

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS