{"id":"CVE-2025-15444","details":"Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277  https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n\n0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.","modified":"2026-05-05T18:29:19.447850945Z","published":"2026-01-06T01:16:01.240Z","related":["SUSE-SU-2026:0194-1","SUSE-SU-2026:0223-1","SUSE-SU-2026:0368-1","SUSE-SU-2026:0482-1","SUSE-SU-2026:20242-1","SUSE-SU-2026:20354-1","SUSE-SU-2026:20448-1","SUSE-SU-2026:20484-1","SUSE-SU-2026:20756-1","SUSE-SU-2026:20913-1","SUSE-SU-2026:21393-1","SUSE-SU-2026:21422-1","openSUSE-SU-2026:10022-1","openSUSE-SU-2026:20399-1","openSUSE-SU-2026:20642-1"],"references":[{"type":"ADVISORY","url":"https://metacpan.org/dist/Crypt-Sodium-XS/changes"},{"type":"ADVISORY","url":"https://00f.net/2025/12/30/libsodium-vulnerability/"},{"type":"FIX","url":"https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jedisct1/libsodium","events":[{"introduced":"0"},{"fixed":"ad3004ec8731730e93fcfbbc824e67eadc1c1bae"}]}],"versions":["0.1","0.2","0.3","0.4","0.4.1","0.4.2","0.4.3","0.4.4","0.4.5","0.5.0","0.6.1","0.7.0","0.7.1","1.0.0","1.0.1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17-RELEASE","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15444.json","vanir_signatures_modified":"2026-04-12T14:04:24Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.000042"}]}],"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","digest":{"length":15913,"function_hash":"271864492409172204729158493267951380532"},"id":"CVE-2025-15444-19ea9e1a","signature_type":"Function","deprecated":false,"target":{"file":"test/default/core_ed25519.c","function":"main"}},{"signature_version":"v1","source":"https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","digest":{"line_hashes":["241291362390970966119687003418518640000","148998168988971462501772092656155965283","180662736039736298842660616799743332709","236781085191269839238480224756322864215","244725727458201247031675736095252993838","11419066337079980079544781403154436620","207472804640406634179816897796173202","40219272335220661788972820483796946923","64018105627283189161448413090029376271","250432648790730546764706619234776830385","251242987065344112180028105881764441916"],"threshold":0.9},"id":"CVE-2025-15444-39af8400","signature_type":"Line","deprecated":false,"target":{"file":"test/default/core_ed25519.c"}},{"signature_version":"v1","target":{"file":"src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c"},"digest":{"line_hashes":["85590579739442630473906153250189822304","240838851987162662003026314670961205689","321302984625379645327288223242572254769","152774947681641221797454343977315974438","208498853723714622487037809059887703408","328476950466293324903342946523090922299"],"threshold":0.9},"id":"CVE-2025-15444-52bcd3fc","signature_type":"Line","deprecated":false,"source":"https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"},{"signature_version":"v1","source":"https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","digest":{"length":113,"function_hash":"225152862173646219701680893385147273816"},"id":"CVE-2025-15444-6d6782e4","deprecated":false,"signature_type":"Function","target":{"file":"src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c","function":"ge25519_is_on_main_subgroup"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}