Description

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

INFO

Published Date :

2025-12-31T05:50:07.422Z

Last Modified :

2026-01-07T17:06:43.302Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69277 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69277.

URL Resource
https://00f.net/2025/12/30/libsodium-vulnerability/ cve-icon cve-icon cve-icon
https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae cve-icon cve-icon cve-icon
https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7 cve-icon cve-icon
https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf cve-icon cve-icon
https://github.com/pyca/pynacl/issues/920 cve-icon cve-icon
https://ianix.com/pub/ed25519-deployment.html cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html cve-icon
https://news.ycombinator.com/item?id=46435614 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-69277 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-69277 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact