CPANSA-Crypt-Sodium-XS-2025-69277-libsodium: Crypt-Sodium-XS vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2025-12-31T00:00:00 | Engine | CSAF Perl Toolkit 0.26 |
| Current release date | 2025-12-31T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 4.5 | Severity | Medium |
| Original language | | Language | en |
| Also referred to | | | |
Vulnerability Description
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
Vulnerabilities
CVE-2025-69277
Vulnerability Description
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
| Weakness | CWE-184 : Incomplete List of Disallowed Inputs |
|---|
Product status
Known affected
| Product | Score |
|---|---|
| Crypt-Sodium-XS greater than or equal 0.000018 and less than or equal 0.000027 | |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Crypt-Sodium-XS-2025-69277-libsodium JSON (self): https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2025/cpansa-crypt-sodium-xs-2025-69277-libsodium.json
- https://00f.net/2025/12/30/libsodium-vulnerability/ (external)
- https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae (external)
- https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7 (external)
- https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf (external)
- https://github.com/pyca/pynacl/issues/920 (external)
- https://ianix.com/pub/ed25519-deployment.html (external)
- https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html (external)
- https://news.ycombinator.com/item?id=46435614 (external)
- CVE-2025-69277 (NVD) (external): https://nvd.nist.gov/vuln/detail/CVE-2025-69277
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed Dec 31 00:00:00 2025 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/