21 matches found
ROOT-APP-MAVEN-CVE-2025-8885 CVE-2025-8885 in io.root.org.bouncycastle:bc-fips - Patched by Root
Root has patched CVE-2025-8885 in the io.root.org.bouncycastle:bc-fips package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8885
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard in their cryptographic operations Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules...
Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885)
Summary There is a vulnerability in bc-fips-1.0.2.5.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-8885. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips
Summary IBM webMethods BPM uses bc-fips which is pulled in by webMethods Integration Server core for FIPS-compliant cryptographic operations. The BPM Process Engine relies on IS infrastructure for security but doesn't directly use Bouncy Castle APIs. Vulnerability Details CVEID:CVE-2025-8885...
Oracle GoldenGate for Big Data Resource Allocation Vulnerability 19.1.x < 19.1.0.0.21 / 21.x < 21.21.0.0.0 (October 2025 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java API
Summary multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java TLS API Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle(CVE-2025-8916 & CVE-2025-8885)
Summary IBM App Connect Enterprise runtime and IBM Integration Bus for z/OS are vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in...
Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector
Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setti...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7655 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2025-8885 Source...
com.appmattus.certificatetransparency:certificatetransparency (>=0.3.0 <=1.1.1), com.appmattus.certificatetransparency:certificatetransparency-android (>=0.3.0 <=1.1.1) +27 more potentially affected by CVE-2025-8885 via org.bouncycastle:bctls-jdk15to18 (>=1.66 <=1.70)
org.bouncycastle:bctls-jdk15to18 MAVEN version =1.66, =0.3.0, =0.3.0, =2.0.0, =1.0.0, =1.0.0, =5.23.1, =3.8.1, =1.9.1, =1.0.0-LOCAL, =1.0.0, =2.15.1, =1.0.2, =1.8.1, =1.8.6 and more Source cves: CVE-2025-8885 Source advisory: OSV:GHSA-67MF-3CR5-8W23...
CVE-2025-8885
creationtimestamp| type| source ---|---|--- 2025-08-12 12:08:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lw7bnh4j4r2s 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875 2026-02-20 14:25:07+00:00| seen|...
org.apache.camel.quarkus:camel-quarkus-as2 (>=3.0.0-M1 <=3.10.0), org.apache.camel.quarkus:camel-quarkus-as2-deployment (>=3.0.0-M1 <=3.10.0) +4 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =4.5.0 Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777841...
com.github.WHUTzju:blockchainsdk (=4.1.3), com.github.bjlhx15:common-pdf (=0.0.4) +84 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk14 (>=1.51 <=1.77)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.51, =9.1.20, =0.1.1, =2.2, =2.0.1, =7.0, =1.5, =12.3, =1.2.0, =1.0.0, =1.1.0, =1.0.0, =1.2.6 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777844...
cn.jarkata:jarkata-encrypt (=1.0.0), cn.ponfee:commons-core (>=1.1 <=1.4) +242 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-ext-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-ext-jdk18on MAVEN version =1.71, =1.1, =2.4.1, =3.0.0 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams2.12 =2.9.1 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams2.13 =2.9.1 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams3 =2.9.1 -...
com.github.lansheng228:aws-crypto (=1.0.3), com.github.yadickson:autocert (>=2.0.0 <=2.0.2) +35 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-ext-jdk15to18 (>=1.64 <=1.76)
org.bouncycastle:bcprov-ext-jdk15to18 MAVEN version =1.64, =2.0.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.1, =12.31.0, =v9.6.6, =v9.6.6, =v9.6.6, =v9.6.6, =v9.6.6, =v9.6.6, =v9.6.7 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777848...
com.ascentstream.pulsar:bouncy-castle-bcfips (>=3.0.16.0 <=4.0.11.0), com.ascentstream.pulsar:pulsar-package-bookkeeper-storage (>=3.0.18.0 <=4.0.11.0) +26 more potentially affected by CVE-2025-8885 via org.bouncycastle:bc-fips (>=2.0.0 <=2.0.1)
org.bouncycastle:bc-fips MAVEN version =2.0.0, =3.0.16.0, =3.0.18.0, =9.0.0, =4.0.7.1, =4.0.7.1, =3.0.15, =3.0.17, =2.0.9, =2.0.7, =2.0.19, =2.0.23 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11785881...
aero.m-click:mcpdf (>=0.2.3 <=0.2.10), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +28976 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk15on (>=1.51 <=1.70)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.51, =0.2.3, =4.4.0.0, =0.42.1, =0.1.12, =0.1.2, =0.28.0, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777856...
com.github.mizosoft.methanol:benchmarks (>=1.1.0 <=1.2.0), com.github.mizosoft.methanol:methanol-testutils (>=1.1.0 <=1.2.0) +35 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-debug-jdk15on (>=1.53 <=1.70)
org.bouncycastle:bcprov-debug-jdk15on MAVEN version =1.53, =1.1.0, =1.1.0, =0.8.635, =0.8.635, =0.8.635, =0.8.635, =0.0.1, =4.4.0, =1.3.8, =1.3.7, =1.3.7, =1.3.8, =1.4.0 - de.ohmesoftware:keytool =0.0.2 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777855...
cn.loyom.boot:loyom-boot-cache (=1.0.0-JDK21), cn.loyom.boot:loyom-boot-common (=1.0.0-JDK21) +163 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-lts8on (>=2.73.0 <=2.73.4)
org.bouncycastle:bcprov-lts8on MAVEN version =2.73.0, =2.73.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcprov-lts8on and may be impacted: - cn.loyom.boot:loyom-boot-cache =1.0.0-JDK21 - cn.loyom.boot:loyom-boot-common =1.0.0-JDK...
app.cash.lilbitcoinj:lilbitcoinj-core (>=0.0.2 <=0.0.3), app.cash.lninvoice:ln-invoice (>=0.0.1 <=0.0.6) +1309 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk15to18 (>=1.63 <=1.77)
org.bouncycastle:bcprov-jdk15to18 MAVEN version =1.63, =0.0.2, =0.0.1, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =1.0.0.RELEASE, =1.0.0, =1.0.0.RELEASE, =2.7.0 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777845...