CVE-2025-69277

ADVISORY - github

Summary

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

This advisoory lists packages in the GitHub Advisory Database's supported ecosystems that are affected by this vulnerability due to a vulnerable dependency.

EPSS Score⁠: 0.00023 (0.054)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-184⁠

Incomplete List of Disallowed Inputs

ADVISORY - github

CWE-184⁠

Incomplete List of Disallowed Inputs

ADVISORY - redhat

CWE-184⁠

Incomplete List of Disallowed Inputs

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.