VYPR
Medium severity 4.5 · OSV Advisory · Published Dec 31, 2025 · Updated Apr 15, 2026

CVE-2025-69277

Description

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| paragonie/sodium_compat (Packagist) | >= 2, < 2.5.0 | 2.5.0 |
| paragonie/sodium_compat (Packagist) | < 1.24.0 | 1.24.0 |
| PyNaCl (PyPI) | < 1.6.2 | 1.6.2 |
| hdwallet (PyPI) | < 3.6.1 | 3.6.1 |

Affected products: 113
