CVE-2025-15638
Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt
In short
Net::Dropbear, a Perl library for SSH connections, includes an outdated cryptographic library (libtomcrypt) with known security flaws that could allow attackers to compromise encrypted communications.
Technical detail
Net::Dropbear before version 0.14 bundles vulnerable libtomcrypt v1.18.1 or earlier, which contains flaws addressed in CVE-2016-6129 and CVE-2018-12437. These vulnerabilities in the cryptographic primitives can be exploited remotely through SSH protocol interactions to weaken or bypass encryption protections.
Summary generated and translated by AI from the official description.
Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt.
Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which are affected by CVE-2016-6129 and CVE-2018-12437.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
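To check a host or build image against the affected range above, the following added example (not part of the CVE record or of Net::Dropbear itself) flags Net::Dropbear entries older than 0.14 in a module inventory. The "Module version" line format, the sample inventory and the function names are assumptions made for the example; versions are compared with Perl's decimal rules rather than as dotted integers.

```python
from decimal import Decimal, InvalidOperation

FIXED = "0.14"  # first Net::Dropbear release outside the affected range (per the advisory)

def perl_version(text):
    """Convert a Perl module version string to a Decimal using Perl's rules."""
    v = text.strip().replace("_", "")  # "0.13_01" (developer release) compares as 0.1301
    if v.startswith("v") or v.count(".") >= 2:
        # Dotted-decimal form: each component after the first occupies three digits.
        parts = [int(p) for p in v.lstrip("v").split(".")]
        frac = "".join(f"{p:03d}" for p in parts[1:]) or "0"
        return Decimal(f"{parts[0]}.{frac}")
    return Decimal(v)  # plain decimal form: "0.9" means 0.900, so it sorts after 0.14

def affected(version_text):
    """True if the version is before 0.14, False if not, None if it cannot be parsed."""
    try:
        return perl_version(version_text) < perl_version(FIXED)
    except (InvalidOperation, ValueError):
        return None  # unknown version: needs manual review, do not assume it is safe

def audit(inventory):
    """Return (version, affected) for every Net::Dropbear line in the inventory."""
    findings = []
    for line in inventory.splitlines():
        fields = line.split()
        if fields and fields[0] == "Net::Dropbear":
            ver = fields[1] if len(fields) > 1 else "undef"
            findings.append((ver, affected(ver)))
    return findings

# Constructed sample inventory, one "Module version" pair per line.
SAMPLE = """\
Some::Other 1.02
Net::Dropbear 0.13
Net::Dropbear 0.9
Net::Dropbear 0.14
Net::Dropbear 0.13_01
Net::Dropbear undef
"""

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "ok", None: "UNKNOWN, review"}
    for ver, status in audit(SAMPLE):
        print(f"Net::Dropbear {ver}: {labels[status]}")
```

An entry reported as unknown should be resolved by hand, since a module installed without a parseable version may still bundle the old libtomcrypt.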
Affected products
ATRODO · Net::Dropbear