Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation — CVE-2025-8916

GitHub · GitHub · CVE-2025-8916

ID
CVE-2025-8916

Date
2025-08-13

Updated
2026-05-13

Activity
2026-05-13

Source
GitHub

Vendor
GitHub

Threat
medium

CVSS
6.3

EPSS
0.00085

Summary

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP...…

Product

maven: org.bouncycastle:bcpkix-fips | maven: org.bouncycastle:bcpkix-jdk15on | maven: org.bouncycastle:bcpkix-jdk15to18 | maven: org.bouncycastle:bcpkix-jdk18on

What to do

General, cautious steps (verify details in the official source):

Review exposure and plan remediation based on risk and environment.
Identify affected product versions in your inventory and verify whether you are impacted.
Apply vendor patches/updates or recommended mitigations as soon as available.
Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

GitHub GitHub 2026-W20

Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation — CVE-2025-8916

Summary

Product

What to do

Official advisory

Related advisories

Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.11

Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.11

Authlib: Cross-site request forging when using cache

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Important: firefox security update

Important: gimp:2.8 security update