CVE-2025-15444

CRITICAL
2026-01-06 9b29abf9-4ab0-4765-b253-1875cd9b441e
9.8
CVSS 3.1
CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
Patch Released: Mar 10, 2026 - 17:00 (nvd), patch available
CVE Published: Jan 06, 2026 - 01:16 (nvd), CRITICAL 9.8

Description

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium. libsodium <= 1.0.20, or any version of libsodium released before December 30, 2025, contains a vulnerability documented as CVE-2025-69277 (https://www.cve.org/CVERecord?id=CVE-2025-69277). The libsodium vulnerability description states: in atypical use cases involving certain custom cryptography or untrusted data passed to crypto_core_ed25519_is_valid_point, libsodium mishandles checks for whether an elliptic curve point is valid, because it sometimes allows points that aren't in the main cryptographic group. Version 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.

Analysis

Crypt::Sodium::XS for Perl bundles a vulnerable version of libsodium (<= 1.0.20) that has a signature verification flaw. In atypical use cases with custom cryptography, this can compromise data authenticity guarantees. Patch available.

Technical Context

The bundled libsodium version contains CVE-2025-69277, a vulnerability in signature verification (CWE-347). While standard usage patterns are typically not affected, custom cryptographic implementations that rely on certain libsodium verification functions may accept forged signatures.

Affected Products

Crypt::Sodium::XS before 0.000042 (Perl module)

Remediation

Update to Crypt::Sodium::XS 0.000042 or later. Verify that the system libsodium is also updated to > 1.0.20.

Priority Score

49
KEV: 0
EPSS: +0.0
CVSS: +49
POC: 0
