CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly

🗓️ 15 Apr 2026 08:56:34Reported by bcorgType

CVE-2025-14813: GOST CTR in Java cryptography provider cannot process more than 255 blocks; affects versions 1.59 to 1.83.

Reporter	Title	Published	Views	Family All 68
IBM Security Bulletins	Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto (CVE-2025-14813, CVE-2026-5598)	21 May 202615:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2026-3505, CVE-2025-14813, CVE-2026-0636, CVE-2026-5598, CVE-2026-33671, CVE-2026-33672, CVE-2026-5588, CVE-2026-40175)	8 Jun 202613:55	–	ibm
IBM Security Bulletins	Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm, Covert Timing Channel (CVE-2025-14813, CVE-2026-5598)	16 Jun 202614:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Bouncy Castle bcprov-jdk (CVE-2025-14813, CVE-2026-5598)	27 May 202614:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by broken or risky algorithm.	17 Jun 202606:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM ApplinX is vulnerable to multiple vulnerabilities due to the use of Bouncy Castle library (CVE-2023-33202, CVE-2025-8916, CVE-2026-5588, CVE-2025-14813, CVE-2026-5598, CVE-2026-0636)	19 Jun 202608:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.	11 May 202606:59	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14813)	29 May 202609:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Technical Support Appliance is affected by a timing channel vulnerability in Bouncy Castle BC-JAVA	8 Jun 202614:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager	20 Jun 202607:57	–	ibm

[
  {
    "vendor": "Legion of the Bouncy Castle Inc.",
    "product": "BC-JAVA",
    "platforms": [
      "all"
    ],
    "collectionURL": "https://www.bouncycastle.org/download/bouncy-castle-java/",
    "packageName": "bcprov",
    "repo": "https://github.com/bcgit/bc-java",
    "modules": [
      "core"
    ],
    "programFiles": [
      "G3413CTRBlockCipher"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.59",
        "lessThan": "1.80.2",
        "versionType": "maven"
      },
      {
        "status": "affected",
        "version": "1.81",
        "lessThan": "1.81.1",
        "versionType": "maven"
      },
      {
        "status": "affected",
        "version": "1.82",
        "lessThan": "1.84",
        "versionType": "maven"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
github	www.github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813
github	www.github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3
github	www.github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f

18 May 2026 23:15Current

CVSS 49.3

EPSS0.00115

CWE-327