PT-2026-1359 · Unknown · Crypt::Sodium::XS

Published: 2026-01-06 · Updated: 2026-03-19 · CVE-2025-15444

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Crypt::Sodium::XS versions prior to 0.000042
libsodium versions 1.0.20 and earlier

Description

The Crypt::Sodium::XS module for Perl includes a vulnerable version of libsodium. libsodium versions up to and including 1.0.20 may improperly handle checks for valid elliptic curve points when using crypto_core_ed25519_is_valid_point in specific, uncommon scenarios involving custom cryptography or untrusted data. This can allow invalid points to be accepted, potentially impacting cryptographic security.

Recommendations

Update Crypt::Sodium::XS to version 0.000042 or later.
Update libsodium to a version later than 1.0.20.

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

AZL-73751
AZL-73755
CVE-2025-15444
OPENSUSE-SU-2026:10022-1
OPENSUSE-SU-2026:20399-1
OPENSUSE-SU-2026:20642-1
SUSE-SU-2026:0194-1
SUSE-SU-2026:0223-1
SUSE-SU-2026:0368-1
SUSE-SU-2026:0482-1
SUSE-SU-2026:20242-1
SUSE-SU-2026:20354-1
SUSE-SU-2026:20448-1
SUSE-SU-2026:20484-1
SUSE-SU-2026:20756-1
SUSE-SU-2026:20913-1
SUSE-SU-2026:21393-1
SUSE-SU-2026:21422-1

Affected Products

Crypt::Sodium::XS
libsodium