{"id":"AZL-73755","summary":"CVE-2025-15444 affecting package libsodium for versions less than 1.0.18-7","details":"Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277  https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n\n0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.","modified":"2026-04-21T04:33:59.643443Z","published":"2026-01-06T01:16:01Z","upstream":["CVE-2025-15444"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15444"}],"affected":[{"package":{"name":"libsodium","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/libsodium"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.18-7"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73755.json"}}],"schema_version":"1.7.5"}