CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt
Robert Rothenberg 21 Apr 2026 15:35 UTC
========================================================================
CVE-2025-15638 CPAN Security Group
========================================================================
CVE ID: CVE-2025-15638
Distribution: Net-Dropbear
Versions: before 0.14
MetaCPAN: https://metacpan.org/dist/Net-Dropbear
VCS Repo: https://github.com/atrodo/Net-Dropbear
Net::Dropbear versions before 0.14 for Perl contain a vulnerable
version of libtomcrypt
Description
-----------
Net::Dropbear versions before 0.14 for Perl contain a vulnerable
version of libtomcrypt.

Net::Dropbear versions before 0.14 include versions of Dropbear
2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or
earlier, which are affected by CVE-2016-6129 and CVE-2018-12437.
Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component
References
----------
https://www.cve.org/CVERecord?id=CVE-2016-6129
https://www.cve.org/CVERecord?id=CVE-2018-12437
https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes
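
One way to check a host for the affected releases, as an added example that is not part of the advisory or of the Net::Dropbear project. It assumes the installed Net/Dropbear.pm declares a $VERSION matching its distribution version; the names installed_copies, $MODULE and $FIXED are illustrative.

```perl
#!/usr/bin/env perl
# Added example (not from the advisory): list every installed copy of
# Net::Dropbear on @INC and flag those older than the fixed release 0.14.
use strict;
use warnings;
use Module::Metadata;   # core module; reads $VERSION without loading the XS code
use version;

my $MODULE = 'Net::Dropbear';
my $FIXED  = version->parse('0.14');   # first unaffected release, per the advisory

# Return one record per distinct copy of the module found on @INC.
# Each directory is searched on its own so that an old copy shadowed by
# (or shadowing) a patched one, e.g. under local::lib, is still reported.
sub installed_copies {
    my (@found, %seen);
    for my $dir (grep { !ref($_) && -d $_ } @INC) {
        my $meta = Module::Metadata->new_from_module($MODULE, inc => [$dir])
            or next;
        next if $seen{ $meta->filename }++;
        my $ver = $meta->version;   # version object, or undef if none declared
        push @found, {
            file     => $meta->filename,
            version  => defined $ver ? "$ver" : 'unknown',
            # Assumption: an undeclared version is treated as affected
            # so that the copy gets reviewed by hand.
            affected => (!defined $ver || $ver < $FIXED) ? 1 : 0,
        };
    }
    return @found;
}

my @copies = installed_copies();
print "$MODULE not found on \@INC\n" unless @copies;
for my $c (@copies) {
    printf "%-8s %-8s %s\n",
        $c->{affected} ? 'AFFECTED' : 'ok', $c->{version}, $c->{file};
}

# Exit non-zero when any affected copy is present, for use in CI or cron.
exit( (grep { $_->{affected} } @copies) ? 1 : 0 );
```

Run it with each perl interpreter on the host, since every interpreter has its own @INC.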