PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-69725 go-chi CVE debrief

CVE-2025-69725 is an Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function. This CVE record was published on 2026-02-19T17:24:39.830Z and was last modified on 2026-07-05T02:17:37.113Z. The NVD entry is currently Deferred. The vulnerability allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. Users and administrators should be aware of the potential risks and take necessary precautions to mitigate this vulnerability.

Vendor
go-chi
Product
chi
CVSS
MEDIUM 4.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-19
Original CVE updated
2026-07-05
Advisory published
2026-02-19
Advisory updated
2026-07-05

Who should care

Users of go-chi/chi version >=5.2.2, particularly those who manage or maintain web applications using this library, should be aware of this Open Redirect vulnerability and take necessary precautions to protect their applications and users from potential redirects to malicious websites.

Technical summary

The Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. The CVSS score for this vulnerability is 4.7, and the severity is MEDIUM. This vulnerability can be exploited by attackers to phish users or distribute malware. To mitigate this vulnerability, users should update to the latest version of go-chi/chi and implement additional security measures such as web application firewalls and monitoring for suspicious activity.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability.

Recommended defensive actions

  • Inventory and assess usage of go-chi/chi version >=5.2.2
  • Apply patches or updates if available
  • Implement compensating controls such as web application firewalls
  • Monitor for suspicious activity
  • Verify and document the effectiveness of mitigations

Evidence notes

Evidence for this CVE comes from the NVD and CVE.org. The CVE record was published on 2026-02-19T17:24:39.830Z and was last modified on 2026-07-05T02:17:37.113Z. The information provided is based on the available data and may not be exhaustive. Further verification and validation are recommended to ensure the accuracy of this information. Defenders should verify the affected scope, severity, and vendor guidance to determine the necessary course of action.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-19T17:24:39.830Z and has not been modified since then. The NVD entry is currently Deferred.