U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2025-24369 Detail

Description

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

Nist CVSS score does not match with CNA score
CNA:  GitHub, Inc.
CVSS-B 2.3 LOW
Vector:  CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://github.com/Xe/x/commit/7bd7b209f4f1b897de85ec8973458dc8be606a8b
https://github.com/Xe/x/commit/e09d0226a628f04b1d80fd83bee777894a45cd02
https://github.com/Xe/x/security/advisories/GHSA-56w8-8ppj-2p4f
https://xeiaso.net/notes/2025/GHSA-56w8-8ppj-2p4f

Weakness Enumeration

CWE-ID CWE Name Source
CWE-807 Reliance on Untrusted Inputs in a Security Decision GitHub, Inc.  

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-24369
NVD Published Date:
01/27/2025
NVD Last Modified:
01/27/2025
Source:
GitHub, Inc.