CVE-2025-15444

medium Red Hat
CVSS v3 Base Score
6.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 94% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
None
Published: January 6, 2026 (129 days ago)
Last Modified: January 6, 2026
Vendor: Red Hat

Description

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277  https://www.cve.org/CVERecord?id=CVE-2025-69277 . The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.

CWE

CWE-1395

Affected Products

Red Hat Developer HubRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0Red Hat Satellite 6

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 00f.net 🔗 github.com