EUVD-2025-24231

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Excessive allocation flaw in Bouncy Castle Java API; affects BC 1.0-1.77 and BC-FJA 1.0.0-2.0.0

Reporter	Title	Published	Views	Family All 89
IBM Security Bulletins	Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips	17 Feb 202604:38	–	ibm
IBM Security Bulletins	Security Bulletin: SSPSS Collaboration and Deployment Services is affected by multiple vulnerabilities (CVE-2025-8916, CVE-2025-8885, CVE-2025-48976)	16 Sep 202517:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8885	19 Mar 202613:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues	17 Feb 202612:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-8885], [CVE-2025-8916]	21 Oct 202510:58	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Bouncy Castle Rational Performance Tester is affected by multiple vulnerabilities	2 Jan 202618:05	–	ibm
IBM Security Bulletins	Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java API	7 Jan 202619:35	–	ibm
IBM Security Bulletins	Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885)	24 Feb 202622:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues	17 Feb 202612:10	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885).	3 Dec 202511:23	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "cf07566e-4e38-35ee-8e47-a5b5b1b6d3c7",
        "vendor": {
          "name": "Legion of the Bouncy Castle Inc."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "12cde6e7-730b-37f6-9f95-e31b2f1f9956",
        "product": {
          "name": "Bouncy Castle for Java"
        },
        "product_version": "BC-FJA 2.0.0 ≤2.0.0"
      },
      {
        "id": "130ee668-2443-320c-8c5e-f1f36e4261a8",
        "product": {
          "name": "BC-FJA"
        },
        "product_version": "2.0.0 ≤2.0.1"
      },
      {
        "id": "5983a046-75f8-3a33-bf4f-3de714d436cc",
        "product": {
          "name": "BC Java"
        },
        "product_version": "1.0 ≤1.77"
      },
      {
        "id": "7e2b769d-9e27-375e-8945-0de6f9626bcd",
        "product": {
          "name": "BC-FJA"
        },
        "product_version": "1.0.0 ≤1.0.2.5"
      },
      {
        "id": "80475a1a-5452-3560-a5fe-7d629a6494e2",
        "product": {
          "name": "Bouncy Castle for Java"
        },
        "product_version": "BC-FJA 1.0.0 ≤2.0.0"
      },
      {
        "id": "aa9ef5b3-053a-3c92-91a4-051fdcff5fc9",
        "product": {
          "name": "Bouncy Castle for Java"
        },
        "product_version": "BC 1.0 ≤1.77"
      },
      {
        "id": "f1827676-68cb-3fea-861c-d42ab4171719",
        "product": {
          "name": "Bouncy Castle for Java"
        },
        "product_version": "BC-FJA 1.0.0 ≤1.0.2.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-8885
github	www.github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865
github	www.github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java

03 Oct 2025 20:07Current

6.2Medium risk

Vulners AI Score6.2

CVSS 46.3

EPSS0.0044

SSVC