CVE-2025-9092

Summary

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader.

This issue affects Bouncy Castle for Java - BC-FJA 2.1.0: from BC-FJA 2.1.0 through 2.1.0.

Affected Software

VendorProductVersion RangeStatus
Legion of the Bouncy Castle Inc.Bouncy Castle for Java - BC-FJA 2.1.0BC-FJA 2.1.0 <= 2.1.0affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

Workarounds

Strictly limit the number of JVMs providing services based on BC-FJA 2.1.0 so that effective monitoring and cleanup is possible on the server involved, alternately ensure the module is configured to write its files for native support to a file system with sufficient capacity.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References