Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-15444 (GCVE-0-2025-15444)
Vulnerability from cvelistv5 – Published: 2026-01-06 00:22 – Updated: 2026-01-06 19:01
VLAI?
EPSS
Title
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
Summary
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .
The libsodium vulnerability states:
In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
Severity ?
9.8 (Critical)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IAMB | Crypt::Sodium::XS |
Affected:
0 , < 0.000042
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:23:55.371687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:01:27.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Crypt-Sodium-XS",
"product": "Crypt::Sodium::XS",
"vendor": "IAMB",
"versions": [
{
"lessThan": "0.000042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Crypt::Sodium::XS module versions prior to\u0026nbsp;0.000042,\u0026nbsp;for Perl, include a vulnerable version of libsodium\u003cbr\u003e\u003cbr\u003elibsodium \u0026lt;= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cve.org/CVERecord?id=CVE-2025-69277\"\u003ehttps://www.cve.org/CVERecord?id=CVE-2025-69277\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThe libsodium vulnerability states:\u003cbr\u003e\u003cbr\u003eIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\u003cbr\u003e\u003cbr\u003e0.000042 includes a version of\u0026nbsp;libsodium updated to 1.0.20-stable, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereleased January 3, 2026, which includes a fix for the vulnerability.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\u00a0 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\n\n0.000042 includes a version of\u00a0libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T00:22:50.114Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"
},
{
"url": "https://00f.net/2025/12/30/libsodium-vulnerability/"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/dist/Crypt-Sodium-XS/changes"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version\u0026nbsp;0.000042 or later"
}
],
"value": "Upgrade to version\u00a00.000042 or later"
}
],
"source": {
"discovery": "UPSTREAM"
},
"title": "Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-15444",
"datePublished": "2026-01-06T00:22:50.114Z",
"dateReserved": "2026-01-03T22:06:02.639Z",
"dateUpdated": "2026-01-06T19:01:27.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-15444\",\"sourceIdentifier\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"published\":\"2026-01-06T01:16:01.240\",\"lastModified\":\"2026-01-08T18:09:23.230\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium\\n\\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\u00a0 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\\n\\nThe libsodium vulnerability states:\\n\\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\\n\\n0.000042 includes a version of\u00a0libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"references\":[{\"url\":\"https://00f.net/2025/12/30/libsodium-vulnerability/\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\"},{\"url\":\"https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\"},{\"url\":\"https://metacpan.org/dist/Crypt-Sodium-XS/changes\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"packageName\": \"Crypt-Sodium-XS\", \"product\": \"Crypt::Sodium::XS\", \"vendor\": \"IAMB\", \"versions\": [{\"lessThan\": \"0.000042\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Crypt::Sodium::XS module versions prior to\u0026nbsp;0.000042,\u0026nbsp;for Perl, include a vulnerable version of libsodium\u003cbr\u003e\u003cbr\u003elibsodium \u0026lt;= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.cve.org/CVERecord?id=CVE-2025-69277\\\"\u003ehttps://www.cve.org/CVERecord?id=CVE-2025-69277\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThe libsodium vulnerability states:\u003cbr\u003e\u003cbr\u003eIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\u003cbr\u003e\u003cbr\u003e0.000042 includes a version of\u0026nbsp;libsodium updated to 1.0.20-stable, \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ereleased January 3, 2026, which includes a fix for the vulnerability.\u003c/span\u003e\u003cbr\u003e\"}], \"value\": \"Crypt::Sodium::XS module versions prior to\\u00a00.000042,\\u00a0for Perl, include a vulnerable version of libsodium\\n\\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\\u00a0 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\\n\\nThe libsodium vulnerability states:\\n\\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\\n\\n0.000042 includes a version of\\u00a0libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-1395\", \"description\": \"CWE-1395 Dependency on Vulnerable Third-Party Component\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"shortName\": \"CPANSec\", \"dateUpdated\": \"2026-01-06T00:22:50.114Z\"}, \"references\": [{\"url\": \"https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae\"}, {\"url\": \"https://00f.net/2025/12/30/libsodium-vulnerability/\"}, {\"tags\": [\"release-notes\"], \"url\": \"https://metacpan.org/dist/Crypt-Sodium-XS/changes\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Upgrade to version\u0026nbsp;0.000042 or later\"}], \"value\": \"Upgrade to version\\u00a00.000042 or later\"}], \"source\": {\"discovery\": \"UPSTREAM\"}, \"title\": \"Crypt::Sodium::XS module versions prior to\\u00a00.000042,\\u00a0for Perl, include a vulnerable version of libsodium\", \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-15444\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-06T14:23:55.371687Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-06T14:23:58.300Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-15444\", \"assignerOrgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"CPANSec\", \"dateReserved\": \"2026-01-03T22:06:02.639Z\", \"datePublished\": \"2026-01-06T00:22:50.114Z\", \"dateUpdated\": \"2026-01-06T19:01:27.678Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:0223-1
Vulnerability from csaf_suse - Published: 2026-01-22 12:18 - Updated: 2026-01-22 12:18Summary
Security update for libsodium
Notes
Title of the patch
Security update for libsodium
Description of the patch
This update for libsodium fixes the following issues:
- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
Patchnames
SUSE-2026-223,SUSE-SLE-Micro-5.3-2026-223,SUSE-SLE-Micro-5.4-2026-223,SUSE-SLE-Micro-5.5-2026-223,SUSE-SLE-Module-Basesystem-15-SP7-2026-223,SUSE-SUSE-MicroOS-5.2-2026-223,openSUSE-SLE-15.6-2026-223
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsodium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsodium fixes the following issues:\n\n- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-223,SUSE-SLE-Micro-5.3-2026-223,SUSE-SLE-Micro-5.4-2026-223,SUSE-SLE-Micro-5.5-2026-223,SUSE-SLE-Module-Basesystem-15-SP7-2026-223,SUSE-SUSE-MicroOS-5.2-2026-223,openSUSE-SLE-15.6-2026-223",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0223-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0223-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260223-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0223-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023862.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256070",
"url": "https://bugzilla.suse.com/1256070"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15444 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15444/"
}
],
"title": "Security update for libsodium",
"tracking": {
"current_release_date": "2026-01-22T12:18:02Z",
"generator": {
"date": "2026-01-22T12:18:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0223-1",
"initial_release_date": "2026-01-22T12:18:02Z",
"revision_history": [
{
"date": "2026-01-22T12:18:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"product_id": "libsodium-devel-1.0.18-150000.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"product": {
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"product_id": "libsodium23-1.0.18-150000.4.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium23-64bit-1.0.18-150000.4.11.1.aarch64_ilp32",
"product": {
"name": "libsodium23-64bit-1.0.18-150000.4.11.1.aarch64_ilp32",
"product_id": "libsodium23-64bit-1.0.18-150000.4.11.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.11.1.i586",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.i586",
"product_id": "libsodium-devel-1.0.18-150000.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.11.1.i586",
"product": {
"name": "libsodium23-1.0.18-150000.4.11.1.i586",
"product_id": "libsodium23-1.0.18-150000.4.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"product_id": "libsodium-devel-1.0.18-150000.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.11.1.ppc64le",
"product": {
"name": "libsodium23-1.0.18-150000.4.11.1.ppc64le",
"product_id": "libsodium23-1.0.18-150000.4.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.11.1.s390x",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.s390x",
"product_id": "libsodium-devel-1.0.18-150000.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.11.1.s390x",
"product": {
"name": "libsodium23-1.0.18-150000.4.11.1.s390x",
"product_id": "libsodium23-1.0.18-150000.4.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"product_id": "libsodium-devel-1.0.18-150000.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"product": {
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"product_id": "libsodium23-1.0.18-150000.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsodium23-32bit-1.0.18-150000.4.11.1.x86_64",
"product": {
"name": "libsodium23-32bit-1.0.18-150000.4.11.1.x86_64",
"product_id": "libsodium23-32bit-1.0.18-150000.4.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.ppc64le"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.ppc64le"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.ppc64le"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-32bit-1.0.18-150000.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-32bit-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.ppc64le"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.11.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.ppc64le"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.11.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-32bit-1.0.18-150000.4.11.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64"
},
"product_reference": "libsodium23-32bit-1.0.18-150000.4.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15444"
}
],
"notes": [
{
"category": "general",
"text": "Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\n\n0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15444",
"url": "https://www.suse.com/security/cve/CVE-2025-15444"
},
{
"category": "external",
"summary": "SUSE Bug 1256070 for CVE-2025-15444",
"url": "https://bugzilla.suse.com/1256070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.11.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:18:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-15444"
}
]
}
SUSE-SU-2026:0368-1
Vulnerability from csaf_suse - Published: 2026-02-03 13:40 - Updated: 2026-02-03 13:40Summary
Security update for libsodium
Notes
Title of the patch
Security update for libsodium
Description of the patch
This update for libsodium fixes the following issues:
- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764).
Patchnames
SUSE-2026-368,SUSE-SLE-Micro-5.3-2026-368,SUSE-SLE-Micro-5.4-2026-368,SUSE-SLE-Micro-5.5-2026-368,SUSE-SLE-Module-Basesystem-15-SP7-2026-368,SUSE-SUSE-MicroOS-5.2-2026-368,openSUSE-SLE-15.6-2026-368
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsodium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsodium fixes the following issues: \n\n- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).\n- CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-368,SUSE-SLE-Micro-5.3-2026-368,SUSE-SLE-Micro-5.4-2026-368,SUSE-SLE-Micro-5.5-2026-368,SUSE-SLE-Module-Basesystem-15-SP7-2026-368,SUSE-SUSE-MicroOS-5.2-2026-368,openSUSE-SLE-15.6-2026-368",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0368-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0368-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260368-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0368-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024038.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255764",
"url": "https://bugzilla.suse.com/1255764"
},
{
"category": "self",
"summary": "SUSE Bug 1256070",
"url": "https://bugzilla.suse.com/1256070"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15444 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69277/"
}
],
"title": "Security update for libsodium",
"tracking": {
"current_release_date": "2026-02-03T13:40:57Z",
"generator": {
"date": "2026-02-03T13:40:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0368-1",
"initial_release_date": "2026-02-03T13:40:57Z",
"revision_history": [
{
"date": "2026-02-03T13:40:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"product_id": "libsodium-devel-1.0.18-150000.4.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"product": {
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"product_id": "libsodium23-1.0.18-150000.4.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium23-64bit-1.0.18-150000.4.14.1.aarch64_ilp32",
"product": {
"name": "libsodium23-64bit-1.0.18-150000.4.14.1.aarch64_ilp32",
"product_id": "libsodium23-64bit-1.0.18-150000.4.14.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.14.1.i586",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.i586",
"product_id": "libsodium-devel-1.0.18-150000.4.14.1.i586"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.14.1.i586",
"product": {
"name": "libsodium23-1.0.18-150000.4.14.1.i586",
"product_id": "libsodium23-1.0.18-150000.4.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"product_id": "libsodium-devel-1.0.18-150000.4.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.14.1.ppc64le",
"product": {
"name": "libsodium23-1.0.18-150000.4.14.1.ppc64le",
"product_id": "libsodium23-1.0.18-150000.4.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.14.1.s390x",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.s390x",
"product_id": "libsodium-devel-1.0.18-150000.4.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.14.1.s390x",
"product": {
"name": "libsodium23-1.0.18-150000.4.14.1.s390x",
"product_id": "libsodium23-1.0.18-150000.4.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"product": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"product_id": "libsodium-devel-1.0.18-150000.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"product": {
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"product_id": "libsodium23-1.0.18-150000.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"product": {
"name": "libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"product_id": "libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.ppc64le"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.ppc64le"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.ppc64le"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-32bit-1.0.18-150000.4.14.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.ppc64le"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.18-150000.4.14.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.aarch64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.ppc64le"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.s390x"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.18-150000.4.14.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-32bit-1.0.18-150000.4.14.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
},
"product_reference": "libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15444"
}
],
"notes": [
{
"category": "general",
"text": "Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\n\n0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15444",
"url": "https://www.suse.com/security/cve/CVE-2025-15444"
},
{
"category": "external",
"summary": "SUSE Bug 1256070 for CVE-2025-15444",
"url": "https://bugzilla.suse.com/1256070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T13:40:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-15444"
},
{
"cve": "CVE-2025-69277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69277"
}
],
"notes": [
{
"category": "general",
"text": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69277",
"url": "https://www.suse.com/security/cve/CVE-2025-69277"
},
{
"category": "external",
"summary": "SUSE Bug 1255764 for CVE-2025-69277",
"url": "https://bugzilla.suse.com/1255764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-1.0.18-150000.4.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium-devel-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.aarch64",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.ppc64le",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.s390x",
"openSUSE Leap 15.6:libsodium23-1.0.18-150000.4.14.1.x86_64",
"openSUSE Leap 15.6:libsodium23-32bit-1.0.18-150000.4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T13:40:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-69277"
}
]
}
SUSE-SU-2026:0194-1
Vulnerability from csaf_suse - Published: 2026-01-21 09:05 - Updated: 2026-01-21 09:05Summary
Security update for libsodium
Notes
Title of the patch
Security update for libsodium
Description of the patch
This update for libsodium fixes the following issues:
- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
Patchnames
SUSE-2026-194,SUSE-SLE-Module-Public-Cloud-12-2026-194
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsodium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsodium fixes the following issues:\n\n- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-194,SUSE-SLE-Module-Public-Cloud-12-2026-194",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0194-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0194-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260194-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0194-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023834.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256070",
"url": "https://bugzilla.suse.com/1256070"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15444 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15444/"
}
],
"title": "Security update for libsodium",
"tracking": {
"current_release_date": "2026-01-21T09:05:11Z",
"generator": {
"date": "2026-01-21T09:05:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0194-1",
"initial_release_date": "2026-01-21T09:05:11Z",
"revision_history": [
{
"date": "2026-01-21T09:05:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.16-1.12.1.aarch64",
"product": {
"name": "libsodium-devel-1.0.16-1.12.1.aarch64",
"product_id": "libsodium-devel-1.0.16-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.16-1.12.1.aarch64",
"product": {
"name": "libsodium23-1.0.16-1.12.1.aarch64",
"product_id": "libsodium23-1.0.16-1.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.16-1.12.1.i586",
"product": {
"name": "libsodium-devel-1.0.16-1.12.1.i586",
"product_id": "libsodium-devel-1.0.16-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.16-1.12.1.i586",
"product": {
"name": "libsodium23-1.0.16-1.12.1.i586",
"product_id": "libsodium23-1.0.16-1.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.16-1.12.1.ppc64le",
"product": {
"name": "libsodium-devel-1.0.16-1.12.1.ppc64le",
"product_id": "libsodium-devel-1.0.16-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.16-1.12.1.ppc64le",
"product": {
"name": "libsodium23-1.0.16-1.12.1.ppc64le",
"product_id": "libsodium23-1.0.16-1.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.16-1.12.1.s390",
"product": {
"name": "libsodium-devel-1.0.16-1.12.1.s390",
"product_id": "libsodium-devel-1.0.16-1.12.1.s390"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.16-1.12.1.s390",
"product": {
"name": "libsodium23-1.0.16-1.12.1.s390",
"product_id": "libsodium23-1.0.16-1.12.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.16-1.12.1.s390x",
"product": {
"name": "libsodium-devel-1.0.16-1.12.1.s390x",
"product_id": "libsodium-devel-1.0.16-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.16-1.12.1.s390x",
"product": {
"name": "libsodium23-1.0.16-1.12.1.s390x",
"product_id": "libsodium23-1.0.16-1.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.16-1.12.1.x86_64",
"product": {
"name": "libsodium-devel-1.0.16-1.12.1.x86_64",
"product_id": "libsodium-devel-1.0.16-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsodium23-1.0.16-1.12.1.x86_64",
"product": {
"name": "libsodium23-1.0.16-1.12.1.x86_64",
"product_id": "libsodium23-1.0.16-1.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.16-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.aarch64"
},
"product_reference": "libsodium23-1.0.16-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.16-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.ppc64le"
},
"product_reference": "libsodium23-1.0.16-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.16-1.12.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.s390x"
},
"product_reference": "libsodium23-1.0.16-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium23-1.0.16-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.x86_64"
},
"product_reference": "libsodium23-1.0.16-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15444"
}
],
"notes": [
{
"category": "general",
"text": "Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\n\n0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15444",
"url": "https://www.suse.com/security/cve/CVE-2025-15444"
},
{
"category": "external",
"summary": "SUSE Bug 1256070 for CVE-2025-15444",
"url": "https://bugzilla.suse.com/1256070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:libsodium23-1.0.16-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T09:05:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-15444"
}
]
}
OPENSUSE-SU-2026:10022-1
Vulnerability from csaf_opensuse - Published: 2026-01-09 00:00 - Updated: 2026-01-09 00:00Summary
libsodium-devel-1.0.21-1.1 on GA media
Notes
Title of the patch
libsodium-devel-1.0.21-1.1 on GA media
Description of the patch
These are all security issues fixed in the libsodium-devel-1.0.21-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2026-10022
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libsodium-devel-1.0.21-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libsodium-devel-1.0.21-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10022",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10022-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15444 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15444/"
}
],
"title": "libsodium-devel-1.0.21-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-09T00:00:00Z",
"generator": {
"date": "2026-01-09T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10022-1",
"initial_release_date": "2026-01-09T00:00:00Z",
"revision_history": [
{
"date": "2026-01-09T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.21-1.1.aarch64",
"product": {
"name": "libsodium-devel-1.0.21-1.1.aarch64",
"product_id": "libsodium-devel-1.0.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsodium26-1.0.21-1.1.aarch64",
"product": {
"name": "libsodium26-1.0.21-1.1.aarch64",
"product_id": "libsodium26-1.0.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsodium26-32bit-1.0.21-1.1.aarch64",
"product": {
"name": "libsodium26-32bit-1.0.21-1.1.aarch64",
"product_id": "libsodium26-32bit-1.0.21-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.21-1.1.ppc64le",
"product": {
"name": "libsodium-devel-1.0.21-1.1.ppc64le",
"product_id": "libsodium-devel-1.0.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsodium26-1.0.21-1.1.ppc64le",
"product": {
"name": "libsodium26-1.0.21-1.1.ppc64le",
"product_id": "libsodium26-1.0.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsodium26-32bit-1.0.21-1.1.ppc64le",
"product": {
"name": "libsodium26-32bit-1.0.21-1.1.ppc64le",
"product_id": "libsodium26-32bit-1.0.21-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.21-1.1.s390x",
"product": {
"name": "libsodium-devel-1.0.21-1.1.s390x",
"product_id": "libsodium-devel-1.0.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libsodium26-1.0.21-1.1.s390x",
"product": {
"name": "libsodium26-1.0.21-1.1.s390x",
"product_id": "libsodium26-1.0.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libsodium26-32bit-1.0.21-1.1.s390x",
"product": {
"name": "libsodium26-32bit-1.0.21-1.1.s390x",
"product_id": "libsodium26-32bit-1.0.21-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsodium-devel-1.0.21-1.1.x86_64",
"product": {
"name": "libsodium-devel-1.0.21-1.1.x86_64",
"product_id": "libsodium-devel-1.0.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsodium26-1.0.21-1.1.x86_64",
"product": {
"name": "libsodium26-1.0.21-1.1.x86_64",
"product_id": "libsodium26-1.0.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsodium26-32bit-1.0.21-1.1.x86_64",
"product": {
"name": "libsodium26-32bit-1.0.21-1.1.x86_64",
"product_id": "libsodium26-32bit-1.0.21-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.aarch64"
},
"product_reference": "libsodium-devel-1.0.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.ppc64le"
},
"product_reference": "libsodium-devel-1.0.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.s390x"
},
"product_reference": "libsodium-devel-1.0.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium-devel-1.0.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.x86_64"
},
"product_reference": "libsodium-devel-1.0.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-1.0.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-1.0.21-1.1.aarch64"
},
"product_reference": "libsodium26-1.0.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-1.0.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-1.0.21-1.1.ppc64le"
},
"product_reference": "libsodium26-1.0.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-1.0.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-1.0.21-1.1.s390x"
},
"product_reference": "libsodium26-1.0.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-1.0.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-1.0.21-1.1.x86_64"
},
"product_reference": "libsodium26-1.0.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-32bit-1.0.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.aarch64"
},
"product_reference": "libsodium26-32bit-1.0.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-32bit-1.0.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.ppc64le"
},
"product_reference": "libsodium26-32bit-1.0.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-32bit-1.0.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.s390x"
},
"product_reference": "libsodium26-32bit-1.0.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsodium26-32bit-1.0.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.x86_64"
},
"product_reference": "libsodium26-32bit-1.0.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15444"
}
],
"notes": [
{
"category": "general",
"text": "Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\n\n0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.x86_64",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.x86_64",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15444",
"url": "https://www.suse.com/security/cve/CVE-2025-15444"
},
{
"category": "external",
"summary": "SUSE Bug 1256070 for CVE-2025-15444",
"url": "https://bugzilla.suse.com/1256070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.x86_64",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.x86_64",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium-devel-1.0.21-1.1.x86_64",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium26-1.0.21-1.1.x86_64",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.aarch64",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.ppc64le",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.s390x",
"openSUSE Tumbleweed:libsodium26-32bit-1.0.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-09T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-15444"
}
]
}
MSRC_CVE-2025-15444
Vulnerability from csaf_microsoft - Published: 2026-01-02 00:00 - Updated: 2026-02-21 03:41Summary
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-15444 Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2025-15444.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium",
"tracking": {
"current_release_date": "2026-02-21T03:41:16.000Z",
"generator": {
"date": "2026-02-21T04:55:07.528Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-15444",
"initial_release_date": "2026-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-01-09T01:10:52.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-01-09T14:36:29.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-01-13T01:42:15.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-02-21T03:41:16.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libsodium 1.0.19-1",
"product": {
"name": "\u003cazl3 libsodium 1.0.19-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 libsodium 1.0.19-1",
"product": {
"name": "azl3 libsodium 1.0.19-1",
"product_id": "20774"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libsodium 1.0.19-2",
"product": {
"name": "\u003cazl3 libsodium 1.0.19-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 libsodium 1.0.19-2",
"product": {
"name": "azl3 libsodium 1.0.19-2",
"product_id": "20829"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libsodium 1.0.18-6",
"product": {
"name": "\u003ccbl2 libsodium 1.0.18-6",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 libsodium 1.0.18-6",
"product": {
"name": "cbl2 libsodium 1.0.18-6",
"product_id": "20775"
}
}
],
"category": "product_name",
"name": "libsodium"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libsodium 1.0.19-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libsodium 1.0.19-1 as a component of Azure Linux 3.0",
"product_id": "20774-17084"
},
"product_reference": "20774",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libsodium 1.0.19-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libsodium 1.0.19-2 as a component of Azure Linux 3.0",
"product_id": "20829-17084"
},
"product_reference": "20829",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libsodium 1.0.18-6 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libsodium 1.0.18-6 as a component of CBL Mariner 2.0",
"product_id": "20775-17086"
},
"product_reference": "20775",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15444",
"cwe": {
"id": "CWE-1395",
"name": "Dependency on Vulnerable Third-Party Component"
},
"notes": [
{
"category": "general",
"text": "CPANSec",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20774-17084",
"20829-17084",
"20775-17086"
],
"known_affected": [
"17084-3",
"17084-1",
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-15444 Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2025-15444.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-09T01:10:52.000Z",
"details": "1.0.19-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-01-09T01:10:52.000Z",
"details": "1.0.18-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-3",
"17084-1",
"17086-2"
]
}
],
"title": "Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium"
}
]
}
GHSA-38VQ-9WRC-XXH4
Vulnerability from github – Published: 2026-01-06 03:31 – Updated: 2026-01-06 21:30
VLAI?
Details
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .
The libsodium vulnerability states:
In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2025-15444"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-06T01:16:01Z",
"severity": "CRITICAL"
},
"details": "Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\u00a0 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\n\n0.000042 includes a version of\u00a0libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.",
"id": "GHSA-38vq-9wrc-xxh4",
"modified": "2026-01-06T21:30:30Z",
"published": "2026-01-06T03:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15444"
},
{
"type": "WEB",
"url": "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"
},
{
"type": "WEB",
"url": "https://00f.net/2025/12/30/libsodium-vulnerability"
},
{
"type": "WEB",
"url": "https://metacpan.org/dist/Crypt-Sodium-XS/changes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2025-15444
Vulnerability from fkie_nvd - Published: 2026-01-06 01:16 - Updated: 2026-01-08 18:09
Severity ?
Summary
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .
The libsodium vulnerability states:
In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Crypt::Sodium::XS module versions prior to\u00a00.000042,\u00a0for Perl, include a vulnerable version of libsodium\n\nlibsodium \u003c= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\u00a0 https://www.cve.org/CVERecord?id=CVE-2025-69277 .\n\nThe libsodium vulnerability states:\n\nIn atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.\n\n0.000042 includes a version of\u00a0libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability."
}
],
"id": "CVE-2025-15444",
"lastModified": "2026-01-08T18:09:23.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-06T01:16:01.240",
"references": [
{
"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"url": "https://00f.net/2025/12/30/libsodium-vulnerability/"
},
{
"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"url": "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"
},
{
"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"url": "https://metacpan.org/dist/Crypt-Sodium-XS/changes"
}
],
"sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…