Fluid Attacks Database

Description

An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	golang-github-go-chi-chi	=5.2.0-1 \|\| =5.2.3-1 \|\| >=0 <5.2.5-1	5.2.5-1
rpm rhel8	osbuild-composer	-	-
go	github.com/go-chi/chi	>=5.2.2 <5.2.4	5.2.4
go	github.com/go-chi/chi/v3	-	-
go	github.com/go-chi/chi/v2	-	-
go	github.com/go-chi/chi/v4	-	-
go	github.com/go-chi/chi/v5	>=5.2.2 <5.2.4	5.2.4

Aliases

1. CVE-2025-697252. NVD-2025-697253. OSV-DEBIAN-2025-697254. OSV-2025-697255. OSV-GHSA-mqqf-5wvp-8fh86. OSV-GO-2026-43167. GHSA-mqqf-5wvp-8fh88. GCVE-2025-697259. SECURITY-TRACKER-CVE-2025-6972510. GHSA-mqqf-5wvp-8fh8

References

1. https://github.com/go-chi/chi/security/advisories/GHSA-mqqf-5wvp-8fh82. https://github.com/go-chi/chi/issues/10373. https://github.com/go-chi/chi/commit/6eb35881c0e438ffb663ddbad3a61babaa5e5d8a