CVE-2025-8885

🗓️ 12 Aug 2025 09:13:42Reported by bcorgType

DoS from unbounded resource allocation in ASN1 OID processing BCJava(BC 1.0-1.77;BC-FJA 1.0.0-2.0.0).

Reporter	Title	Published	Views	Family All 89
IBM Security Bulletins	Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips	17 Feb 202604:38	–	ibm
IBM Security Bulletins	Security Bulletin: SSPSS Collaboration and Deployment Services is affected by multiple vulnerabilities (CVE-2025-8916, CVE-2025-8885, CVE-2025-48976)	16 Sep 202517:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8885	19 Mar 202613:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues	17 Feb 202612:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-8885], [CVE-2025-8916]	21 Oct 202510:58	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Bouncy Castle Rational Performance Tester is affected by multiple vulnerabilities	2 Jan 202618:05	–	ibm
IBM Security Bulletins	Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java API	7 Jan 202619:35	–	ibm
IBM Security Bulletins	Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885)	24 Feb 202622:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues	17 Feb 202612:10	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885).	3 Dec 202511:23	–	ibm

[
  {
    "collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
    "defaultStatus": "unaffected",
    "modules": [
      "API"
    ],
    "packageName": "bcprov",
    "platforms": [
      "All"
    ],
    "product": "BC Java",
    "programFiles": [
      "https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java"
    ],
    "repo": "https://github.com/bcgit/bc-java",
    "vendor": "Legion of the Bouncy Castle Inc.",
    "versions": [
      {
        "lessThanOrEqual": "1.77",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
    "defaultStatus": "unaffected",
    "modules": [
      "API"
    ],
    "packageName": "bc-fips",
    "platforms": [
      "All"
    ],
    "product": "BC-FJA",
    "vendor": "Legion of the Bouncy Castle Inc.",
    "versions": [
      {
        "lessThanOrEqual": "1.0.2.5",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2.0.1",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
github	www.github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885

15 Apr 2026 00:35Current

6.2Medium risk

Vulners AI Score6.2

CVSS 46.3

EPSS0.00121

SSVC

CWE-770