CVE-2025-15638

10.0 CRITICAL
Published: April 21, 2026 Modified: April 22, 2026
View on NVD

Description

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Release Notes
https://www.cve.org/CVERecord?id=CVE-2016-6129
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2018-12437
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Third Party Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
10.0 / 10.0
EPSS (Exploit Probability)
0.0%
5th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

atrodo