CVE-2025-8916
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-09-12
Assigner: bcorg
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| legion_of_the_bouncy_castle_inc | bcpkix_fips | 2.0.7 |
| legion_of_the_bouncy_castle_inc | bc_java | 1.44 |
| legion_of_the_bouncy_castle_inc | bcpkix_fips | 2.0.0 |
| legion_of_the_bouncy_castle_inc | bcpkix_fips | 1.0.0 |
| legion_of_the_bouncy_castle_inc | bc_java | 1.78 |
| legion_of_the_bouncy_castle_inc | bcpkix_fips | 1.0.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Allocation of Resources Without Limits or Throttling issue (CWE-770) in the Legion of the Bouncy Castle Inc. Bouncy Castle for Java libraries (bcpkix, bcprov, bcpkix-fips). The affected software does not properly limit or throttle resource usage, which allows excessive allocation of resources and can lead to resource exhaustion.
How can this vulnerability impact me?
The vulnerability can lead to excessive allocation of resources, which may cause performance degradation, denial of service, or system instability due to resource exhaustion when the affected Bouncy Castle Java libraries are used.