{"id":"AZL-73376","summary":"CVE-2025-69277 affecting package libsodium for versions less than 1.0.18-7","details":"libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.","modified":"2026-04-21T04:33:52.185150Z","published":"2025-12-31T06:15:41Z","upstream":["CVE-2025-69277"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69277"}],"affected":[{"package":{"name":"libsodium","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/libsodium"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.18-7"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73376.json"}}],"schema_version":"1.7.5"}