CVE-2025-15638
Cryptographic Vulnerabilities in Net::Dropbear libtomcrypt Before
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: CPANSec
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| atrodo | net | to 0.14 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Net::Dropbear before version 0.14 involves a vulnerable version of libtomcrypt that suffers from critical cryptographic weaknesses, including side-channel attacks and buffer overflows. Such vulnerabilities can compromise the confidentiality, integrity, and availability of data.
Because cryptographic security is fundamental to protecting sensitive data, this vulnerability could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require strong data protection measures. Exploitation of this vulnerability could lead to unauthorized data access or data breaches, thereby violating these regulations.
Therefore, organizations using affected versions of Net::Dropbear may face increased risk of non-compliance due to weakened cryptographic protections.
Can you explain this vulnerability to me?
CVE-2025-15638 concerns vulnerabilities in the libtomcrypt cryptographic library included in Net::Dropbear versions before 0.14. These vulnerabilities include side-channel attacks such as timing attacks on ECDSA key extraction and cache-based timing attacks in CCM mode, potential stack overflows during DER flexible decoding, and various cryptographic weaknesses in RSA, DSA, and ECC operations.
The vulnerability also involves issues like counter reuse and timing attacks in cryptographic modes (CTR, CCM, GCM, EAX, OCB, OCBv3), NULL-pointer dereferences, buffer overflows, and incorrect return values in cryptographic functions. The fixes include hardened cryptographic operations, constant-time memory comparison functions to prevent timing leaks, and improvements in encoding/decoding and platform compatibility.
How can this vulnerability impact me?
This vulnerability can impact you by exposing cryptographic operations to side-channel attacks, which may allow attackers to extract sensitive cryptographic keys or data. Buffer overflows and NULL-pointer dereferences could lead to crashes or potential exploitation, compromising the security and stability of applications using the affected libtomcrypt versions.
If your system or application relies on Net::Dropbear versions before 0.14, it may be vulnerable to these cryptographic weaknesses, potentially allowing attackers to bypass encryption protections or cause denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects Net::Dropbear versions before 0.14 for Perl, which include vulnerable versions of libtomcrypt (v1.18.1 or earlier). Detection involves identifying the version of Net::Dropbear or libtomcrypt installed on your system.
You can check the installed version of Net::Dropbear or libtomcrypt by running commands that query the package version or inspect the software directly.
- For Perl modules, use: perl -MNet::Dropbear -e 'print $Net::Dropbear::VERSION, "\n";'
- Check the Dropbear version by running: dropbear -V (if Dropbear is separately installed)
- Search for libtomcrypt version in your system or application directories, for example: strings /path/to/libtomcrypt.so | grep -i version
Additionally, monitoring network traffic for unusual cryptographic operations or failed connections might help, but no specific detection commands are provided in the available resources.
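As an added example (not part of this advisory or of the Net::Dropbear project), the following POSIX shell script turns the version check above into a pass/fail test. It queries the installed module with the same perl one-liner, then compares the reported version against the fixed release 0.14; Perl decimal versions such as 0.13 (and developer releases such as 0.13_01) are compared numerically, and dotted versions such as v0.13.2 are compared on their major and minor components. The function names and the exit-code convention are my own.

```shell
#!/bin/sh
# Added example: detect a Net::Dropbear release affected by CVE-2025-15638
# (anything before 0.14). Function names and return codes are assumptions
# made for this example, not part of the advisory or the module.

# Returns 0 (true) when $1 names a Net::Dropbear version below 0.14.
net_dropbear_vulnerable() {
    v=${1#v}            # tolerate a leading "v" (v0.13.2 -> 0.13.2)
    v=${v%%_*}          # drop a Perl developer-release suffix (0.13_01 -> 0.13)
    case "$v" in
        *.*.*)
            # dotted-decimal form: compare major and minor as integers
            major=${v%%.*}
            rest=${v#*.}
            minor=${rest%%.*}
            [ "$major" -eq 0 ] && [ "$minor" -lt 14 ]
            ;;
        *)
            # Perl decimal form: 0.13 < 0.14 numerically, 0.9 is newer than 0.14
            awk -v v="$v" 'BEGIN { exit !(v + 0 < 0.14) }'
            ;;
    esac
}

# Queries the locally installed module and prints a verdict.
# Returns 0 if a vulnerable release is installed, 1 if it is fixed,
# 2 if Net::Dropbear (or perl) is not available.
check_installed_net_dropbear() {
    ver=$(perl -MNet::Dropbear -e 'print $Net::Dropbear::VERSION' 2>/dev/null) || {
        echo "Net::Dropbear: not installed"
        return 2
    }
    if net_dropbear_vulnerable "$ver"; then
        echo "Net::Dropbear $ver: VULNERABLE (CVE-2025-15638), upgrade to 0.14 or later"
        return 0
    fi
    echo "Net::Dropbear $ver: not affected"
    return 1
}

# Usage: sh check_net_dropbear.sh check
case "${1:-}" in
    check) check_installed_net_dropbear ;;
esac
```

Run it as `sh check_net_dropbear.sh check` on each host that carries the module; the exit code (0 vulnerable, 1 fixed, 2 absent) lets it slot into an inventory sweep. Because Net::Dropbear bundles its own libtomcrypt, the module version is the authoritative indicator; a separately installed libtomcrypt or a system `dropbear` binary does not tell you which copy the Perl module links against.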
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Net::Dropbear to version 0.14 or later, which includes an updated and hardened version of libtomcrypt addressing the security issues.
The updated libtomcrypt includes fixes for side-channel attacks, buffer overflows, timing attacks, and other cryptographic vulnerabilities.
If upgrading is not immediately possible, consider restricting access to affected services, monitoring for suspicious activity, and applying any available patches or workarounds provided by the software maintainers.