Excessive Resource Allocation Vulnerability in Bouncy Castle for Java by Legion of the Bouncy Castle Inc.
CVE-2025-8885

6.3 MEDIUM

What is CVE-2025-8885?

A vulnerability in the Bouncy Castle for Java library, developed by Legion of the Bouncy Castle Inc., allows for excessive resource allocation. This issue affects all API modules in versions ranging from Bouncy Castle 1.0 to 1.77, and Bouncy Castle-FJA from 1.0.0 to 2.0.0. The vulnerability can lead to performance degradation or even system crashes if exploited, making it critical for developers to update to patched versions. Detailed technical information can be found in the official documentation.

Affected Version(s)

Bouncy Castle for Java All BC 1.0 <= 1.77

Bouncy Castle for Java All BC-FJA 1.0.0 <= 2.0.0

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bing Shi