CVE-2025-69725

Name: CVE-2025-69725
Description: An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1129258

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| golang-github-go-chi-chi (PTS) | bullseye | 1.5.1-2 | fixed |
| | bookworm | 5.0.7-1 | fixed |
| | trixie | 5.2.0-1 | fixed |
| | forky, sid | 5.2.5-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| golang-github-go-chi-chi | source | bullseye | (not affected) | | | |
| golang-github-go-chi-chi | source | bookworm | (not affected) | | | |
| golang-github-go-chi-chi | source | trixie | (not affected) | | | |
| golang-github-go-chi-chi | source | (unstable) | 5.2.5-1 | | | 1129258 |

Notes

[trixie] - golang-github-go-chi-chi <not-affected> (Vulnerable code introduced in 5.2.2)
[bookworm] - golang-github-go-chi-chi <not-affected> (Vulnerable code introduced in 5.2.2)
[bullseye] - golang-github-go-chi-chi <not-affected> (Vulnerable code introduced in 5.2.2)
https://github.com/go-chi/chi/security/advisories/GHSA-mqqf-5wvp-8fh8
