
CVE-2025-69725: go-chi/chi Open Redirect Vulnerability

CVE-2025-69725 is an open redirect flaw in the RedirectSlashes function of go-chi/chi versions 5.2.2 and later that lets attackers redirect users to malicious sites. This article covers technical details, affected versions, and mitigations.

CVE-2025-69725 Overview

An Open Redirect vulnerability exists in the go-chi/chi library versions 5.2.2 and later. The vulnerability is located in the RedirectSlashes function, which allows remote attackers to redirect victim users to malicious websites while leveraging the legitimate website domain. This type of vulnerability is commonly exploited in phishing attacks, where users trust the initial domain but are unknowingly redirected to attacker-controlled sites.

Critical Impact

Attackers can abuse the trusted domain to redirect users to malicious websites, enabling phishing attacks, credential theft, and malware distribution while bypassing user suspicion.

Affected Products

  • go-chi/chi versions >= 5.2.2

Discovery Timeline

  • 2026-02-19 - CVE-2025-69725 published to NVD
  • 2026-02-19 - Last updated in NVD database

Technical Details for CVE-2025-69725

Vulnerability Analysis

This Open Redirect vulnerability stems from improper validation of redirect URLs within the RedirectSlashes middleware function. The RedirectSlashes middleware is commonly used in go-chi/chi web applications to automatically redirect requests that contain trailing slashes to their non-slash equivalents (or vice versa). However, the function fails to properly sanitize or validate the target URL before performing the redirect operation.

When an attacker crafts a malicious URL that exploits this middleware, they can manipulate the redirect destination to point to an external, attacker-controlled domain. Because the initial request goes through the legitimate application's domain, users may not notice they are being redirected to a malicious site. This makes the vulnerability particularly dangerous for phishing campaigns and social engineering attacks.

The network-based attack vector means exploitation can occur remotely without any authentication requirements, though user interaction is required as the victim must click on or visit the malicious link.

Root Cause

The root cause of this vulnerability is insufficient input validation in the RedirectSlashes function. The middleware does not adequately verify that the constructed redirect URL remains within the same domain or follows a safe redirect pattern. This allows attackers to inject external URLs or URL-like paths that, when processed by the middleware, result in redirects to arbitrary external domains.

Attack Vector

The attack is network-based and requires user interaction. An attacker would craft a specially formatted URL that, when visited by a victim user, causes the vulnerable RedirectSlashes middleware to redirect the user to an attacker-controlled website. The malicious URL would appear to be hosted on the legitimate application domain, making it more likely that users would trust and click on the link.

A typical attack scenario involves:

  1. The attacker identifies a web application using the vulnerable go-chi/chi middleware
  2. The attacker crafts a malicious URL that exploits the open redirect vulnerability
  3. The attacker distributes the malicious URL via phishing emails, social media, or other channels
  4. When a victim clicks the link, they are redirected from the trusted domain to a malicious site

The vulnerability mechanism involves URL manipulation that bypasses the expected redirect behavior. For detailed technical information about the exploitation pattern and vulnerable code paths, refer to the GitHub Security Advisory GHSA-mqqf-5wvp-8fh8.

Detection Methods for CVE-2025-69725

Indicators of Compromise

  • Unusual HTTP redirect responses (3xx status codes) from the application that point to external domains
  • Server logs showing requests with manipulated URL paths containing external domain references
  • User reports of being redirected to unexpected or suspicious websites after clicking legitimate-looking links

Detection Strategies

  • Monitor web application logs for redirect responses that contain external URLs or suspicious domain patterns
  • Implement URL validation checks that flag redirects to domains not on an approved allowlist
  • Deploy web application firewalls (WAF) with rules to detect and block common open redirect attack patterns

Monitoring Recommendations

  • Enable verbose logging for the RedirectSlashes middleware to capture all redirect operations and their target URLs
  • Set up alerting for abnormal redirect patterns, particularly those involving external domains
  • Regularly audit application routes and middleware configurations to identify potential exposure points
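As an added example (not part of this advisory or the chi project), the Go program below applies the log-monitoring strategy and the RedirectSlashes logging recommendation above: it scans constructed access-log lines for 3xx responses whose Location would take the browser to a host outside an allowlist. The log format, client addresses, hostnames and allowlist are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample access-log lines (not from a real deployment), fields:
// client method path status location ("-" when no Location header was sent).
var sampleLog = []string{
	`198.51.100.7 GET /docs/ 301 "/docs"`,
	`203.0.113.9 GET /login/ 301 "//evil.example/login"`,
	`203.0.113.9 GET /help/ 302 "https://evil.example/help"`,
	`198.51.100.7 GET /go/ 302 "https://cdn.example.org/go"`,
	`203.0.113.9 GET /api/ 304 "-"`,
}
// allowedHosts is the assumed allowlist of hosts this application may redirect to.
var allowedHosts = map[string]bool{"app.example.org": true, "cdn.example.org": true}

// isOffOrigin reports whether a Location value would take the browser to a host outside
// allowedHosts. "//host", "///host" and "/\host" are checked by prefix because url.Parse
// reports an empty host for the last two although browsers resolve them to a foreign host.
func isOffOrigin(loc string) bool {
	if strings.HasPrefix(loc, "//") || strings.HasPrefix(loc, `/\`) {
		return true
	}
	u, err := url.Parse(loc)
	return err != nil || (u.Host != "" && !allowedHosts[u.Hostname()])
}

// offOriginRedirects returns the lines whose 3xx response carried an off-origin Location.
func offOriginRedirects(lines []string) []string {
	var hits []string
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 5 || f[3][0] != '3' {
			continue
		}
		if loc := strings.Trim(f[4], `"`); loc != "-" && isOffOrigin(loc) {
			hits = append(hits, line)
		}
	}
	return hits
}

func main() {
	for _, h := range offOriginRedirects(sampleLog) {
		fmt.Println("ALERT off-origin redirect:", h)
	}
}
```

A 3xx without a Location (the 304 line) is not a redirect and is skipped, while the allowlisted cdn.example.org redirect is accepted; only the two lines pointing at evil.example are reported.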

How to Mitigate CVE-2025-69725

Immediate Actions Required

  • Review all applications using go-chi/chi versions 5.2.2 and later that implement the RedirectSlashes middleware
  • Consider temporarily disabling the RedirectSlashes middleware until a patch is applied
  • Implement URL validation to ensure redirects only target same-origin URLs

Patch Information

Organizations should monitor the go-chi/chi project and the GitHub Security Advisory for official patch releases. Apply vendor-provided security updates as soon as they become available.

Workarounds

  • Implement a custom middleware wrapper that validates redirect URLs before allowing the redirect to proceed
  • Use an allowlist approach that only permits redirects to known, trusted domains within your organization
  • Add input validation to strip or reject URL components that could be used to construct external redirects

To implement URL validation as a workaround, applications should verify that all redirect targets use relative paths or match the application's expected domain before executing the redirect. The GitHub Security Advisory provides additional guidance on implementing safe redirect patterns.
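As an added example (not code from the advisory or the chi project), the following Go middleware wrapper implements the same-origin check described above: it intercepts the response and refuses any redirect whose Location is not a path on the current origin. The wrapped handler in main is a standard-library stand-in (http.RedirectHandler) rather than chi's middleware.RedirectSlashes, so the block runs without the chi module; isSafeRedirectTarget, redirectGuard and SafeRedirects are names chosen here.

```go
package main

import (
	"log"
	"net/http"
	"net/url"
	"strings"
)

// isSafeRedirectTarget accepts only path-relative targets on the current origin; the prefix
// checks reject "//host", "///host" and "/\host", which browsers resolve to a foreign host.
func isSafeRedirectTarget(loc string) bool {
	u, err := url.Parse(loc)
	return err == nil && u.Scheme == "" && u.Host == "" &&
		strings.HasPrefix(loc, "/") && !strings.HasPrefix(loc, "//") && !strings.HasPrefix(loc, `/\`)
}

// redirectGuard turns a 3xx that carries an unsafe Location into a 400 without that header and
// swallows the redirect body (which repeats the target); a 3xx without Location, e.g. 304, passes.
type redirectGuard struct {
	http.ResponseWriter
	blocked bool
}

func (g *redirectGuard) WriteHeader(code int) {
	if loc := g.Header().Get("Location"); loc != "" && code/100 == 3 && !isSafeRedirectTarget(loc) {
		g.Header().Del("Location")
		g.blocked, code = true, http.StatusBadRequest
	}
	g.ResponseWriter.WriteHeader(code)
}

func (g *redirectGuard) Write(b []byte) (int, error) {
	if g.blocked {
		return len(b), nil
	}
	return g.ResponseWriter.Write(b)
}

// SafeRedirects wraps any handler or middleware, e.g. chi's middleware.RedirectSlashes.
func SafeRedirects(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&redirectGuard{ResponseWriter: w}, r)
	})
}

func main() {
	http.Handle("/", SafeRedirects(http.RedirectHandler("/docs/", 301))) // stand-in; wrap chi's RedirectSlashes in real use
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The guard hides optional interfaces such as http.Flusher and http.Hijacker from handlers behind it; add passthroughs if those are needed.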

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
