CVE-2025-24369
Published: 27 January 2025
Summary
CVE-2025-24369 is a low-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Xeiaso (inferred from references). Its CVSS base score is 2.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Stealth (T1211). It is ranked at the 38.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under Other Platforms in the LLM/Generative AI Risks risk domain, and the MITRE ATLAS techniques in scope are AML.T0040.000, Invert AI Model (AML.T0024.001) and Direct (AML.T0051.000).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3683
Vulnerability details
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulating any nonce (such as 42069), and then passing the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.
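The weakness the record describes is a proof-of-work verifier that takes the difficulty from the client's own submission instead of from the challenge the server issued. The following Go program is an added illustration written for this page, not Anubis's code and not the referenced commit: the types, function names and the challenge ID "constructed-challenge-id" are hypothetical. It places the CWE-807 pattern (vulnerableVerify, which honours a client-claimed difficulty of zero) beside a verifier that binds the difficulty to server-side challenge state (fixedVerify), and includes the honest client's solver so both paths can be exercised offline.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// Challenge is a constructed, illustrative record of a proof-of-work challenge
// the server issued. Difficulty is the number of leading hex zeros that the
// SHA-256 of challengeID||nonce must carry. Hypothetical type, not Anubis's.
type Challenge struct {
	ID         string
	Difficulty int
}

// issueChallenge stores the server-chosen difficulty alongside the challenge
// ID so that verification later consults it rather than anything the client sends.
func issueChallenge(issued map[string]Challenge, id string, difficulty int) Challenge {
	ch := Challenge{ID: id, Difficulty: difficulty}
	issued[id] = ch
	return ch
}

// hashResponse returns the hex SHA-256 digest of challengeID concatenated
// with the decimal nonce.
func hashResponse(challengeID string, nonce int) string {
	sum := sha256.Sum256([]byte(challengeID + strconv.Itoa(nonce)))
	return hex.EncodeToString(sum[:])
}

// meetsDifficulty reports whether digest starts with `difficulty` hex zeros.
// With difficulty 0 the required prefix is empty, so every digest qualifies.
func meetsDifficulty(digest string, difficulty int) bool {
	return strings.HasPrefix(digest, strings.Repeat("0", difficulty))
}

// vulnerableVerify reproduces the CWE-807 pattern the CVE describes: the
// difficulty used for the check comes from the client's submission, so a
// client that claims difficulty 0 passes with whatever nonce it sends.
func vulnerableVerify(challengeID string, nonce int, clientDifficulty int) bool {
	return meetsDifficulty(hashResponse(challengeID, nonce), clientDifficulty)
}

// fixedVerify looks the difficulty up in server-side state keyed by challenge
// ID; nothing in the client's submission can lower it, and an unknown
// challenge ID is rejected outright.
func fixedVerify(issued map[string]Challenge, challengeID string, nonce int) bool {
	ch, ok := issued[challengeID]
	if !ok {
		return false
	}
	return meetsDifficulty(hashResponse(ch.ID, nonce), ch.Difficulty)
}

// solveChallenge is the honest client's work: scan nonces from 0 upward and
// return the smallest one whose digest meets the server's difficulty.
func solveChallenge(challengeID string, difficulty int) int {
	for nonce := 0; ; nonce++ {
		if meetsDifficulty(hashResponse(challengeID, nonce), difficulty) {
			return nonce
		}
	}
}

func main() {
	issued := map[string]Challenge{}
	ch := issueChallenge(issued, "constructed-challenge-id", 3) // server picks difficulty 3

	// Arbitrary nonce paired with a client-claimed difficulty of zero.
	fmt.Println("vulnerable verify, nonce 42069, claimed difficulty 0:", vulnerableVerify(ch.ID, 42069, 0))
	// The same nonce against the fixed verifier is checked at the issued difficulty.
	fmt.Println("fixed verify, nonce 42069:", fixedVerify(issued, ch.ID, 42069))
	// An honest solution still passes the fixed verifier.
	n := solveChallenge(ch.ID, ch.Difficulty)
	fmt.Println("fixed verify, solved nonce", n, ":", fixedVerify(issued, ch.ID, n))
}
```

The design point is that the only value the verifier reads from the client is the nonce; the difficulty, like any other parameter of a security decision, is recovered from state the server wrote when it issued the challenge. In a deployment the stored challenge record would also carry an expiry and be consumed on first successful use so that a solved nonce cannot be replayed; that detail is omitted here to keep the contrast between the two verifiers visible.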
- CWE(s): CWE-807 (Reliance on Untrusted Inputs in a Security Decision)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in Anubis allows attackers to bypass bot protection heuristics and proof-of-work challenges by specifying zero difficulty, enabling exploitation for defense evasion.
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Prevents reliance on untrusted matching results for security-relevant decisions by enforcing verification and contest procedures.
- Providing authoritative attributes with the data reduces the need for security decisions to rely on untrusted external inputs.
- Reduces reliance on untrusted inputs by ensuring only authorized sources may supply data.