CVE-2025-15638 PUBLISHED

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt

Assigner: CPANSec
Reserved: 20.04.2026 Published: 21.04.2026 Updated: 21.04.2026

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.

Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.

Product Status

Vendor ATRODO
Product Net::Dropbear
Versions Default: unaffected
  • affected from 0 to 0.14 (excl.)

References

Problem Types

  • CWE-1395 Dependency on Vulnerable Third-Party Component CWE