Medium severity 4.5 · OSV Advisory · Published Dec 31, 2025 · Updated Apr 15, 2026
CVE-2025-69277
Description
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| paragonie/sodium_compat (Packagist) | >= 2, < 2.5.0 | 2.5.0 |
| paragonie/sodium_compat (Packagist) | < 1.24.0 | 1.24.0 |
| PyNaCl (PyPI) | < 1.6.2 | 1.6.2 |
| hdwallet (PyPI) | < 3.6.1 | 3.6.1 |
References
- github.com/advisories/GHSA-mrfv-m5wm-5w6w (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-69277 (ghsa, ADVISORY)
- 00f.net/2025/12/30/libsodium-vulnerability (ghsa, WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/paragonie/sodium_compat/2025-12-30.yaml (ghsa, WEB)
- github.com/hdwallet-io/python-hdwallet/pull/124 (ghsa, WEB)
- github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae (nvd, WEB)
- github.com/paragonie/sodium_compat/commit/2cb48f26130919f92f30650bdcc30e6f4ebe45ac (ghsa, WEB)
- github.com/paragonie/sodium_compat/commit/4714da6efdc782c06690bc72ce34fae7941c2d9f (ghsa, WEB)
- github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7 (nvd, WEB)
- github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf (nvd, WEB)
- github.com/pyca/pynacl/issues/920 (nvd, WEB)
- ianix.com/pub/ed25519-deployment.html (nvd, WEB)
- lists.debian.org/debian-lts-announce/2026/01/msg00004.html (nvd, WEB)
- news.ycombinator.com/item (nvd, WEB)
- 00f.net/2025/12/30/libsodium-vulnerability/ (nvd)