CVE-2025-9092 Hybrid Module Deployment in Multi-JVM Environments Leading to Resource Exhaustion

🗓️ 16 Aug 2025 10:29:59Reported by bcorgType

CVE-2025-9092: Resource exhaustion from hybrid deployment in multi-JVMs Bouncy Castle BC-FJA 2.1.0

Reporter	Title	Published	Views	Family All 19
IBM Security Bulletins	Security Bulletin: Bouncy Castle for Java BC-FJA NativeLoader Resource Consumption Issue, affects watsonx.data	15 Jan 202604:03	–	ibm
Chainguard	CVE-2025-9092 vulnerabilities	25 Aug 202520:14	–	cgr
CNNVD	Bouncy Castle Java 安全漏洞	16 Aug 202500:00	–	cnnvd
CVE	CVE-2025-9092	16 Aug 202510:29	–	cve
EUVD	EUVD-2025-28810	3 Oct 202520:07	–	euvd
Github Security Blog	Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability	16 Aug 202512:30	–	github
NVD	CVE-2025-9092	16 Aug 202511:15	–	nvd
OSV	CGA-3FQR-VJ7Q-M3H8	29 Jan 202600:41	–	osv
OSV	CGA-G5FQ-FJRR-CX3Q	25 Aug 202516:34	–	osv
OSV	GHSA-V6CF-MV9H-C8MC Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability	16 Aug 202512:30	–	osv

[
  {
    "collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
    "defaultStatus": "unaffected",
    "modules": [
      "API"
    ],
    "packageName": "bc-fips",
    "platforms": [
      "All"
    ],
    "product": "Bouncy Castle for Java - BC-FJA 2.1.0",
    "programFiles": [
      "org.bouncycastle.crypto.fips.NativeLoader"
    ],
    "vendor": "Legion of the Bouncy Castle Inc.",
    "versions": [
      {
        "lessThanOrEqual": "2.1.0",
        "status": "affected",
        "version": "BC-FJA 2.1.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
github	www.github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%909092

16 Aug 2025 10:29Current

CVSS 41

EPSS0.00137

CWE-400

resource exhaustion;hybrid module deployment;multi virtual machines;bouncy castle;two point one