CVE-2025-24369 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-24369 PUBLISHED CVSS 2.299999952316284 LOW

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.

EPSS 0.18% · 38.9th percentile

Risk Scores

CVSS v4.0

2.299999952316284

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.18%

38.9th percentile

Affected Products

Vendor	Product	Versions
Xe	x	< v1.11.0-37-gd98d70a, < v1.11.0-37-gd98d70a

Timeline

Jan 21, 1970 Security Advisory
Jan 27, 2025 CVE Published
Jan 27, 2025 PoC Published
Jan 27, 2025 PoC Published
Jan 28, 2025 EPSS Score
Jan 28, 2025 PoC Published
Feb 2, 2025 Coalition ESS Score
Feb 12, 2025 EPSS Score
Feb 26, 2025 EPSS Score
Mar 13, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Apr 11, 2025 EPSS Score

References

Open in Interactive Console →