CVE-2025-69277

EPSS 0.01%
Veröffentlicht 31.12.2025 05:50:07
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerlibsodium

≫

Produkt libsodium

Default Statusunaffected

Version < ad3004ec8731730e93fcfbbc824e67eadc1c1bae

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	4.5	1.4	2.7	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae

https://00f.net/2025/12/30/libsodium-vulnerability/

https://news.ycombinator.com/item?id=46435614

https://ianix.com/pub/ed25519-deployment.html

https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7

https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf

https://github.com/pyca/pynacl/issues/920

https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html

https://nvd.nist.gov/vuln/detail/CVE-2025-69277

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69277

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69277

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-69277