Uncontrolled Resource Consumption in Bouncy Castle for Java by Legion of the Bouncy Castle Inc.
CVE-2025-9092

1LOW

Key Information:

Vendor: Legion Of The Bouncy Castle Inc.
Status: Bouncy Castle For Java - Bc-fja 2.1.0
Vendor: CVE Published:; 16 August 2025

🔔 Create Legion Of The Bouncy Castle Inc. Vulnerability Alert

What is CVE-2025-9092?

The uncontrolled resource consumption vulnerability in Bouncy Castle for Java (BC-FJA 2.1.0) allows for excessive resource allocation, which can lead to performance degradation and denial of service. This issue affects the NativeLoader API module and stems from improper management of resources during execution. Developers using impacted versions must review their implementations to mitigate risks associated with this vulnerability.

Affected Version(s)

Bouncy Castle for Java - BC-FJA 2.1.0 All BC-FJA 2.1.0 <= 2.1.0

References

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2...

CVSS V4

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Aug 16, 2025

CVE-2025-9092 Data

JSON