CVE-2025-69277

4.5 MEDIUM
Published: December 31, 2025 Modified: January 07, 2026
View on NVD

Description

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://00f.net/2025/12/30/libsodium-vulnerability/
Source: cve@mitre.org
https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae
Source: cve@mitre.org
https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7
Source: cve@mitre.org
https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf
Source: cve@mitre.org
https://github.com/pyca/pynacl/issues/920
Source: cve@mitre.org
https://ianix.com/pub/ed25519-deployment.html
Source: cve@mitre.org
https://news.ycombinator.com/item?id=46435614
Source: cve@mitre.org
https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.5 / 10.0
EPSS (Exploit Probability)
0.0%
1th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-184

Related CVEs

CVE-2026-4649 N/A
CVE-2026-3509 7.5
CVE-2026-32642 N/A
CVE-2025-41660 8.8
CVE-2026-4756 7.8