Search for vulnerabilities
Vulnerability details: VCID-5aet-5u76-sugd
Vulnerability ID VCID-5aet-5u76-sugd
Aliases CVE-2025-8885
GHSA-67mf-3cr5-8w23
Summary Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-8885
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-67mf-3cr5-8w23
generic_textual MODERATE https://github.com/bcgit/bc-java
generic_textual MODERATE https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865
cvssv4 6.3 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
generic_textual MODERATE https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
ssvc Track https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-8885
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json
https://api.first.org/data/v1/epss?cve=CVE-2025-8885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8885
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/bcgit/bc-java
https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865
https://nvd.nist.gov/vuln/detail/CVE-2025-8885
2387790 https://bugzilla.redhat.com/show_bug.cgi?id=2387790
CVE%E2%80%902025%E2%80%908885 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
GHSA-67mf-3cr5-8w23 https://github.com/advisories/GHSA-67mf-3cr5-8w23
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T18:14:28Z/ Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
Exploit Prediction Scoring System (EPSS)
Percentile 0.11655
EPSS Score 0.00042
Published At Aug. 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-08-13T08:03:45.327064+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 37.0.0