CVE-2025-69277 MEDIUM

Vendor: Libsodium
Product: libsodium
Weakness: CWE-184
Published: December 31, 2025
Last update: January 7, 2026

CVSS base score

4.5/10
Attack vector: Local
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

libsodium before commit ad3004e, in atypical use cases involving certain custom cryptography or untrusted data passed to crypto_core_ed25519_is_valid_point, mishandles the check for whether an elliptic curve point is valid: it sometimes accepts points that are not in the main cryptographic group.

Key dates

02 Disclosure timeline

December 31, 2025: CVE published
January 7, 2026: Record updated