CVE-2025-15444
Published: 06 January 2026
Summary
CVE-2025-15444 is a critical-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Iamb Crypt. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 9.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires organizations to identify, report, and correct flaws such as the vulnerable libsodium bundled in Crypt::Sodium::XS, here by promptly updating to the fixed version 0.000042.
RA-5 mandates vulnerability monitoring and scanning to detect deployments of vulnerable Crypt::Sodium::XS versions or embedded libsodium <=1.0.20.
CM-8 ensures a complete inventory of system components, allowing identification of systems using the affected Perl module for targeted vulnerability assessment and patching.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remotely exploitable cryptographic signature validation flaw in a public-facing library enables direct exploitation of applications using the module.
NVD Description
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium. libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 (https://www.cve.org/CVERecord?id=CVE-2025-69277). The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
Deeper analysis
CVE-2025-15444 affects the Crypt::Sodium::XS Perl module in versions prior to 0.000042, which bundles a vulnerable version of libsodium (versions <= 1.0.20 or released before December 30, 2025). This vulnerability stems from CVE-2025-69277 in libsodium, where the crypto_core_ed25519_is_valid_point function mishandles checks for elliptic curve point validity in atypical use cases, such as custom cryptography implementations or processing untrusted data. It incorrectly permits points outside the main cryptographic group, potentially undermining Ed25519-based security primitives. The issue is rated CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-347.
Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Exploitation targets applications using Crypt::Sodium::XS that invoke the vulnerable libsodium function with untrusted inputs, allowing attackers to supply malformed elliptic curve points. Successful exploitation can compromise confidentiality, integrity, and availability with high impact, such as forging signatures, decrypting data, or causing denial of service in affected cryptographic operations.
Advisories recommend updating to Crypt::Sodium::XS version 0.000042, which integrates libsodium 1.0.20-stable (released January 3, 2026) containing the fix. The libsodium patch is detailed in GitHub commit ad3004ec8731730e93fcfbbc824e67eadc1c1bae, and release notes are available on MetaCPAN. Additional analysis appears in a December 30, 2025, blog post at 00f.net.
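The property at stake above (a point must lie in the main prime-order subgroup, not merely on the curve), as an added Python example that is not libsodium or Crypt::Sodium::XS code. It uses plain affine edwards25519 arithmetic with constructed sample encodings (BASE, ORDER2, MIXED are names assumed here) and shows what a correct validity check must reject; it does not reproduce the specific libsodium defect.

```python
# Added illustration: textbook edwards25519 arithmetic, independent of libsodium.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of the main subgroup
D = -121665 * pow(121666, -1, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)
IDENTITY = (0, 1)

def add(a, b):
    """Affine twisted Edwards addition on -x^2 + y^2 = 1 + d*x^2*y^2."""
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = IDENTITY
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def decode(enc):
    """Decode a 32-byte point; return None if non-canonical or off-curve."""
    n = int.from_bytes(enc, "little")
    y, sign = n & ((1 << 255) - 1), n >> 255
    if len(enc) != 32 or y >= P:
        return None
    x2 = (y * y - 1) * pow((D * y * y + 1) % P, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if x * x % P != x2:
        x = x * SQRT_M1 % P
    if x * x % P != x2 or (x == 0 and sign):
        return None
    return (P - x if x & 1 != sign else x, y)

def encode(pt):
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")

def is_valid_point(enc):
    """On curve, canonical, not the identity, and annihilated by L."""
    pt = decode(enc)
    return pt is not None and pt != IDENTITY and mul(L, pt) == IDENTITY

# Constructed sample encodings (assumptions of this example, not from the advisory).
BASE = bytes.fromhex("58" + "66" * 31)             # standard base point, order L
ORDER2 = bytes.fromhex("ec" + "ff" * 30 + "7f")    # (0, -1), order 2
MIXED = encode(add(decode(BASE), decode(ORDER2)))  # order 2L: on curve, outside subgroup
```

MIXED decodes cleanly and satisfies the curve equation, so only the multiplication by L distinguishes it from a valid main-subgroup point.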
Details
- CWE(s)