CVE-2025-40913

Summary

Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow.

Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

Affected Software

VendorProductVersion RangeStatus
ATRODONet::Dropbear0.01 <= 0.16affected

Weaknesses

  • CWE-1395: CWE-1395 Dependency on Vulnerable Third-Party Component

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References