CVE-2025-15444 · CRITICAL 9.8 · EPSS p13.3%

Description

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium. libsodium <= 1.0.20, or a version of libsodium released before December 30, 2025, contains a vulnerability documented as CVE-2025-69277 (https://www.cve.org/CVERecord?id=CVE-2025-69277). The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. Version 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.23% probability of exploitation · percentile 13.3% · 2026-06-18T12:00:27Z
Published: 2026-01-06
Last modified: 2026-03-10

Underlying weaknesses · 1

CWE-347

References

  1. https://00f.net/2025/12/30/libsodium-vulnerability/
  2. https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae
  3. https://metacpan.org/dist/Crypt-Sodium-XS/changes

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Verification of Cryptographic Signature (cwe-347) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-2588
  2. CVE-2026-30909
  3. CVE-2025-40914
  4. CVE-2026-47372
  5. CVE-2025-40912
  6. CVE-2025-9287

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.