CVE-2025-15638 — CRITICAL (10.0)

Q: How severe is CVE-2025-15638?

CVE-2025-15638 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-15638?

Check the references section above for vendor advisories and patch information. Affected products include: Atrodo Net\.

Vulnerability Description

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Atrodo	Net\	< 0.14, \

References

https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypRelease Notes
https://www.cve.org/CVERecord?id=CVE-2016-6129Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2018-12437Third Party Advisory

FAQ

What is CVE-2025-15638?

CVE-2025-15638 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions o...

How severe is CVE-2025-15638?

CVE-2025-15638 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-15638?

Check the references section above for vendor advisories and patch information. Affected products include: Atrodo Net\.