CVE-2025-8885

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java.

This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
bcorgCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Debian logo
Debian Releases
Debian Product
Codename
bouncycastle
bullseye
vulnerable
bookworm
vulnerable
forky
1.80-3
fixed
sid
1.80-3
fixed
trixie
1.80-3
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885