CVE-2025-9092 LOW

CVE-2025-9092: Hybrid Module Deployment in Multi-JVM Environments Leading to Resource Exhaustion

Vendor Legion Of The Bouncy Castle Inc.
Product Bouncy Castle for Java - BC-FJA 2.1.0
Weakness CWE-400
Published August 16, 2025
Last update August 18, 2025

CVSS base score

1.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/R:U/RE:L/U:Green

What the vulnerability does

01Description

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader. This issue affects Bouncy Castle for Java - BC-FJA 2.1.0: from BC-FJA 2.1.0 through 2.1.0.

Key dates

02Disclosure timeline

August 16, 2025 CVE published
August 18, 2025 Record updated