Out-of-Bounds Write Vulnerability in Bouncy Castle for Java by Legion of the Bouncy Castle Inc.
CVE-2025-9340

NONE

Key Information:

Vendor: Legion Of The Bouncy Castle Inc.
Status: Bouncy Castle For Java
Vendor: CVE Published:; 22 August 2025

🔔 Create Legion Of The Bouncy Castle Inc. Vulnerability Alert

What is CVE-2025-9340?

A vulnerability exists in the Bouncy Castle for Java library, specifically within the API modules where an out-of-bounds write could occur. This flaw can potentially allow an attacker to manipulate the program's execution flow, leading to unauthorized access or data corruption. Affected versions include Bouncy Castle BC-FIPS starting from version 2.1.0. Users are advised to review the library's usage and apply necessary updates to mitigate risks.

Affected Version(s)

Bouncy Castle for Java All BC-FJA 2.1.0 <= 2.1.0

References

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2...

CVSS V4

Score:

Severity:

NONE

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Aug 22, 2025