216.73.217.80

CVE-2025-8885

· Published 12/08/2025 10:15 · Modified 12/08/2025 14:25

Labels: CVE-2025-8885 2025-08-1291579145-5d7b-4cc5-b925-a0262ff19630CVE-2025-8885CWE-770

Essential information

Published
12/08/2025 10:15
Modified
12/08/2025 14:25
Author
Creator
CVSS
6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
91579145-5d7b-4cc5-b925-a0262ff19630
NVD
View on NVD

Affected products (CPE)

ProductCPE
bouncy castle / bc cpe:2.3:a:bouncy_castle:bc:1.0-1.77:*:*:*:*:*:*:*
bouncy castle / bc-fja cpe:2.3:a:bouncy_castle:bc-fja:1.0.0-2.0.0:*:*:*:*:*:*:*

References