CVE-2025-69277 – Libsodium Elliptic Curve Point Validation Vulnerability

CVE ID : CVE-2025-69277

Published : Dec. 31, 2025, 5:50 a.m. | 34 minutes ago

Description : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren’t in the main cryptograpbic group.

Severity: 4.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…