Description

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277  https://www.cve.org/CVERecord?id=CVE-2025-69277 . The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.

INFO

Published Date :

2026-01-06T00:22:50.114Z

Last Modified :

2026-01-06T19:01:27.678Z

Source :

CPANSec
AFFECTED PRODUCTS

The following products are affected by CVE-2025-15444 vulnerability.

Vendors Products
Iamb
  • Crypt\
Perl
  • Crypt::sodium::xs
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15444.

URL Resource
https://00f.net/2025/12/30/libsodium-vulnerability/ cve-icon cve-icon cve-icon
https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae cve-icon cve-icon cve-icon
https://metacpan.org/dist/Crypt-Sodium-XS/changes cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-15444 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-15444 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact