CVE-2025-15638

CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt

Vendor Atrodo
Product Net::Dropbear
Weakness CWE-1395
Published April 21, 2026
Last update April 21, 2026

CVSS base score

What the vulnerability does

01Description

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.

Key dates

02Disclosure timeline

April 21, 2026 CVE published
April 21, 2026 Record updated