CVE-2025-24369

描述

Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0 in github.com/Xe/x. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/Xe/x before v1.11.0-37-gd98d70a.

如何修補 CVE-2025-24369

目前尚未發布修補版本。可考慮移除受影響套件,或參考下方連結中的上游建議。

• —未列出修補版本

CVE-2025-24369 正在被利用嗎?

低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0

參考連結(5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-24369
• PATCHgithub.com/Xe/x/commit/7bd7b209f4f1b897de85ec8973458dc8be606a8b
• PATCHgithub.com/Xe/x/commit/e09d0226a628f04b1d80fd83bee777894a45cd02
• WEBgithub.com/Xe/x/security/advisories/GHSA-56w8-8ppj-2p4f