PatchSiren cyber security CVE debrief
CVE-2025-69725 go-chi CVE debrief
CVE-2025-69725 is an Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function. This CVE record was published on 2026-02-19T17:24:39.830Z and was last modified on 2026-07-05T02:17:37.113Z. The NVD entry is currently Deferred. The vulnerability allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. Users and administrators should be aware of the potential risks and take necessary precautions to mitigate this vulnerability.
- Vendor
- go-chi
- Product
- chi
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-19
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-02-19
- Advisory updated
- 2026-07-05
Who should care
Users of go-chi/chi version >=5.2.2, particularly those who manage or maintain web applications using this library, should be aware of this Open Redirect vulnerability and take necessary precautions to protect their applications and users from potential redirects to malicious websites.
Technical summary
The Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. The CVSS score for this vulnerability is 4.7, and the severity is MEDIUM. This vulnerability can be exploited by attackers to phish users or distribute malware. To mitigate this vulnerability, users should update to the latest version of go-chi/chi and implement additional security measures such as web application firewalls and monitoring for suspicious activity.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability.
Recommended defensive actions
- Inventory and assess usage of go-chi/chi version >=5.2.2
- Apply patches or updates if available
- Implement compensating controls such as web application firewalls
- Monitor for suspicious activity
- Verify and document the effectiveness of mitigations
Evidence notes
Evidence for this CVE comes from the NVD and CVE.org. The CVE record was published on 2026-02-19T17:24:39.830Z and was last modified on 2026-07-05T02:17:37.113Z. The information provided is based on the available data and may not be exhaustive. Further verification and validation are recommended to ensure the accuracy of this information. Defenders should verify the affected scope, severity, and vendor guidance to determine the necessary course of action.
Official resources
-
CVE-2025-69725 CVE record
CVE.org
-
CVE-2025-69725 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-19T17:24:39.830Z and has not been modified since then. The NVD entry is currently Deferred.