Skip to main content

Red Hat CVE-2025-15444

CRITICAL
Improper Verification of Cryptographic Signature (CWE-347)
2026-01-06 9b29abf9-4ab0-4765-b253-1875cd9b441e
Critical
Disputed · 9.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
6.8 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Mar 10, 2026 - 17:00 nvd
Patch available
CVE Published
Jan 06, 2026 - 01:16 nvd
CRITICAL 9.8

DescriptionCVE.org

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium

libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277  https://www.cve.org/CVERecord?id=CVE-2025-69277 .

The libsodium vulnerability states:

In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.

AnalysisAI

Crypt::Sodium::XS for Perl bundles a vulnerable version of libsodium (<= 1.0.20) that has a signature verification flaw. In atypical use cases with custom cryptography, this can compromise data authenticity guarantees. Patch available.

Technical ContextAI

The bundled libsodium version contains CVE-2025-69277, a vulnerability in signature verification (CWE-347). While standard usage patterns are typically not affected, custom cryptographic implementations that rely on certain libsodium verification functions may accept forged signatures.

RemediationAI

Update to Crypt::Sodium::XS 0.000042 or later. Verify that the system libsodium is also updated to > 1.0.20.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
Container suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.11 Container suse/manager/5.0/x86_64/proxy-salt-broker:latest Container suse/manager/5.0/x86_64/server:latest Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.2.9.13.2 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2 Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-EC2 Image SLES15-SP4-HPC-BYOS Image SLES15-SP4-HPC-BYOS-EC2 Image SLES15-SP4-HPC-EC2 Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-EC2 Image SLES15-SP4-SAP-BYOS Image SLES15-SP4-SAP-BYOS-EC2 Image SLES15-SP4-SAP-Hardened-BYOS Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-SAP-BYOS-EC2 Image SLES15-SP5-SAP-Hardened-BYOS-EC2 Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-Azure-3P Image SLES15-SP6-SAP-BYOS Image SLES15-SP6-SAP-BYOS-Azure Image SLES15-SP6-SAP-BYOS-EC2 Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-Hardened-Azure Image SLES15-SP6-SAP-Hardened-BYOS Image SLES15-SP6-SAP-Hardened-BYOS-Azure Image SLES15-SP6-SAP-Hardened-BYOS-EC2 Image SLES15-SP6-SAP-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Hardened-EC2 Image SLES15-SP6-SAPCAL-Azure Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Azure Image SLES15-SP7-SAP-Azure-3P Image SLES15-SP7-SAP-BYOS-Azure Image SLES15-SP7-SAP-BYOS-EC2 Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-EC2 Image SLES15-SP7-SAP-Hardened-Azure Image SLES15-SP7-SAP-Hardened-BYOS-Azure Image SLES15-SP7-SAP-Hardened-BYOS-EC2 Image SLES15-SP7-SAP-Hardened-BYOS-GCE Image SLES15-SP7-SAPCAL-Azure Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.47 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.42 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.53 Container suse/sl-micro/6.0/toolbox:13.2-9.9 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.15 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Affected
Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-On-Demand Affected
Image SLES12-SP5-EC2-SAP-BYOS Affected

Share

CVE-2025-15444 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy