CVE-2025-8885
MEDIUM
Org.bouncycastle Bcprov-jdk14 - Resource Allocation Without Limits
Title source: ruleDescription
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java. This issue affects BC Java: from 1.0 through 1.77; BC-FJA: from 1.0.0 through 1.0.2.5, from 2.0.0 through 2.0.1.
References (1)
Third Party Advisory: https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
Scores
CVSS v4: 6.3
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
EPSS: 0.0050
EPSS Percentile: 39.0%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-770
Status: published
Products (10)
Legion of the Bouncy Castle Inc./BC Java: 1.0 - 1.77
Legion of the Bouncy Castle Inc./BC-FJA: 1.0.0 - 1.0.2.5
Legion of the Bouncy Castle Inc./BC-FJA: 2.0.0 - 2.0.1
org.bouncycastle/bc-fips (Maven): 1.0.0 - 1.0.2.6
org.bouncycastle/bcprov-jdk14 (Maven): 1.0 - 1.78
org.bouncycastle/bcprov-jdk15to18 (Maven): 1.0 - 1.78
org.bouncycastle/bcprov-jdk18on (Maven): 1.0 - 1.78
org.bouncycastle/bctls-jdk14 (Maven): 1.0 - 1.78
org.bouncycastle/bctls-jdk15to18 (Maven): 1.0 - 1.78
org.bouncycastle/bctls-jdk18on (Maven): 1.0 - 1.78
Published: Aug 12, 2025
Tracked Since: Feb 18, 2026