Medium severity · GHSA Advisory · Published Aug 13, 2025 · Updated May 12, 2026

CVE-2025-8916

Description

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java, https://github.com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java.

This issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.bouncycastle:bcpkix-jdk15on (Maven) | >= 1.44, < 1.79 | 1.79 |
| org.bouncycastle:bcpkix-jdk15to18 (Maven) | >= 1.44, < 1.79 | 1.79 |
| org.bouncycastle:bcpkix-jdk18on (Maven) | >= 1.44, < 1.79 | 1.79 |
| org.bouncycastle:bcpkix-fips (Maven) | >= 1.0.0, < 1.0.8 | 1.0.8 |
| org.bouncycastle:bcpkix-fips (Maven) | >= 2.0.0, < 2.0.8 | 2.0.8 |
