CVE-2025-15638 - Vulnerability Analysis
CriticalCVSS: 10.0Last Updated: April 21, 2026
Net::Dropbear - Weak Cryptography
Overview
Net::Dropbear < 0.14 for Perl contains vulnerable libtomcrypt versions <= 1.18.1 affected by CVE-2016-6129 and CVE-2018-12437, letting attackers exploit cryptographic weaknesses, exploit requires use of affected cryptographic functions.
Severity & Score
Impact
Attackers can exploit cryptographic weaknesses to compromise data confidentiality or integrity.
Mitigation
Update to Net::Dropbear version 0.14 or later with updated libtomcrypt.
References
Social Media Activity(2 posts)
š“ CVE-2025-15638 - Critical (10) Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affe... š https://www.thehackerwire.com/vulnerability/CVE-2025-15638/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2025-15638 - Critical (10) Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affe... š https://www.thehackerwire.com/vulnerability/CVE-2025-15638/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-15638
- Severity
- Critical
- CVSS Score
- 10.0
- Type
- weak_cryptography
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H