{"id":"ALPINE-CVE-2025-69277","details":"libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.","modified":"2026-01-01T14:15:51.062939Z","published":"2025-12-31T06:15:41.513Z","upstream":["CVE-2025-69277"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2025-69277"}],"affected":[{"package":{"name":"libsodium","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/libsodium?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.19-r1"}]}],"versions":["0.4.5-r0","0.4.5-r1","0.5.0-r0","0.7.0-r0","1.0.0-r0","1.0.1-r0","1.0.11-r0","1.0.12-r0","1.0.13-r0","1.0.14-r0","1.0.15-r0","1.0.16-r0","1.0.17-r0","1.0.18-r0","1.0.18-r1","1.0.18-r2","1.0.18-r3","1.0.18-r4","1.0.19-r0","1.0.2-r0","1.0.3-r0","1.0.4-r0","1.0.5-r0","1.0.6-r0","1.0.7-r0","1.0.8-r0","1.0.9-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-69277.json"}},{"package":{"name":"libsodium","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/libsodium?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20-r1"}]}],"versions":["0.4.5-r0","0.4.5-r1","0.5.0-r0","0.7.0-r0","1.0.0-r0","1.0.1-r0","1.0.11-r0","1.0.12-r0","1.0.13-r0","1.0.14-r0","1.0.15-r0","1.0.16-r0","1.0.17-r0","1.0.18-r0","1.0.18-r1","1.0.18-r2","1.0.18-r3","1.0.18-r4","1.0.19-r0","1.0.2-r0","1.0.20-r0","1.0.3-r0","1.0.4-r0","1.0.5-r0","1.0.6-r0","1.0.7-r0","1.0.8-r0","1.0.9-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-69277.json"}},{"package":{"name":"libsodium","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/libsodium?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20-r1"}]}],"versions":["0.4.5-r0","0.4.5-r1","0.5.0-r0","0.7.0-r0","1.0.0-r0","1.0.1-r0","1.0.11-r0","1.0.12-r0","1.0.13-r0","1.0.14-r0","1.0.15-r0","1.0.16-r0","1.0.17-r0","1.0.18-r0","1.0.18-r1","1.0.18-r2","1.0.18-r3","1.0.18-r4","1.0.19-r0","1.0.2-r0","1.0.20-r0","1.0.3-r0","1.0.4-r0","1.0.5-r0","1.0.6-r0","1.0.7-r0","1.0.8-r0","1.0.9-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-69277.json"}},{"package":{"name":"libsodium","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/libsodium?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20-r1"}]}],"versions":["0.4.5-r0","0.4.5-r1","0.5.0-r0","0.7.0-r0","1.0.0-r0","1.0.1-r0","1.0.11-r0","1.0.12-r0","1.0.13-r0","1.0.14-r0","1.0.15-r0","1.0.16-r0","1.0.17-r0","1.0.18-r0","1.0.18-r1","1.0.18-r2","1.0.18-r3","1.0.18-r4","1.0.19-r0","1.0.2-r0","1.0.20-r0","1.0.3-r0","1.0.4-r0","1.0.5-r0","1.0.6-r0","1.0.7-r0","1.0.8-r0","1.0.9-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-69277.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}]}