PT-2025-54285 · Libsodium +4

Frank Denis · Published 2025-01-01 · Updated 2026-05-12 · CVE-2025-69277

CVSS v3.1: 4.5 (Medium)

Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

libsodium versions prior to ad3004e

Description

The software mishandles checks for the validity of elliptic curve points in specific, unusual scenarios. This occurs when custom cryptography or untrusted data is used with the `crypto_core_ed25519_is_valid_point` function, potentially allowing points that are not part of the main cryptographic group to be accepted as valid.

Recommendations

Update to version ad3004e or later.

Fix

Weakness Enumeration

Incomplete List of Disallowed Inputs

Related Identifiers

AZL-73341
AZL-73376
BDU:2026-02383
CVE-2025-69277
DLA-4435-1
DSA-6094-1
GHSA-MRFV-M5WM-5W6W
MGASA-2026-0004
OESA-2026-1097
OESA-2026-1098
OESA-2026-1099
OESA-2026-1100
OESA-2026-1101
OESA-2026-1102
OESA-2026-1557
OPENSUSE-SU-2026:10130-1
OPENSUSE-SU-2026:20642-1
OPENSUSE-SU-2026:20650-1
RHSA-2026:7369
SUSE-SU-2026:0368-1
SUSE-SU-2026:0482-1
SUSE-SU-2026:20448-1
SUSE-SU-2026:20484-1
SUSE-SU-2026:21393-1
SUSE-SU-2026:21422-1
SUSE-SU-2026:21431-1
USN-7949-1

Affected Products

Debian
Linux Mint
RED OS
Ubuntu
Libsodium