
CVE-2025-8916: Medium Vulnerability in Legion of the Bouncy Castle Inc. BC Java

CVE-2025-8916 is a medium-severity vulnerability in Legion of the Bouncy Castle Inc. BC Java. It allows excessive allocation due to the allocation of resources without limits or throttling. Organizations should address this vulnerability in their patch cycle.

Severity: Medium · CVSS 6.3 · Published August 13, 2025


CVE-2025-8916 is a medium-severity vulnerability affecting the Legion of the Bouncy Castle Inc. BC Java libraries. It involves the allocation of resources without limits or throttling, potentially leading to excessive resource consumption. With a CVSS score of 6.3, this vulnerability poses a moderate risk to organizations utilizing the affected libraries. The issue is especially relevant for those deploying applications that rely on these cryptographic APIs.

The vulnerability affects multiple components: the BC Java bcpkix and bcprov artifacts (all API modules) and the BCPKIX FIPS bcpkix-fips artifact (all API modules). Given its nature, organizations using these libraries should be vigilant, as the potential for resource exhaustion may lead to service degradation.

The vulnerability was published on August 13, 2025, and is classified under CWE-770. As of now, there are no known exploits in the wild, but organizations should prioritize remediation given the potential impact.

Organizations should address this vulnerability in their patch cycle to mitigate risks associated with excessive resource allocation.

Vulnerability Details

The vulnerability allows excessive allocation of resources in Legion of the Bouncy Castle Inc. BC Java libraries, specifically in the bcpkix and bcprov components, as well as in BCPKIX FIPS. The affected versions span from 1.44 to 1.78 for BC Java and from 1.0.0 to 2.0.7 for BCPKIX FIPS.

The CVSS score of 6.3 indicates a medium severity level, which requires organizations to take this vulnerability seriously. The attack vector is classified as NETWORK, and the attack complexity is low, meaning that an attacker may exploit this vulnerability without significant obstacles.

Technical Analysis

The root cause of this vulnerability lies in the inadequate management of resource allocation within the affected libraries. Resources are allocated without appropriate limits or throttling mechanisms, allowing for excessive consumption, which can lead to denial of service conditions.

The attack vector is network-based, and the complexity is low. No privileges are required for exploitation, and user interaction is not necessary. The impact on availability is low, but organizations should be aware of the potential for resource exhaustion.

Risk & Impact Analysis

Risk to organizations includes potential denial of service due to excessive resource allocation. This vulnerability could allow an attacker to exhaust resources, leading to degraded performance or service outages. The impact of such an incident can be significant, especially for organizations relying on the availability of these cryptographic services.

Given the CVSS score of 6.3, organizations should address this vulnerability in their patch cycle. The urgency is categorized as moderate, and organizations should schedule remediation as part of their security maintenance practices.

Exploitation Status

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

The affected versions for BC Java include 1.44 through 1.78 for both bcpkix and bcprov components. Additionally, BCPKIX FIPS is affected in versions from 1.0.0 through 1.0.7 and from 2.0.0 through 2.0.7.
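As an added defensive check (not code from this advisory or from the Bouncy Castle project), the script below scans Maven dependency:list style output for org.bouncycastle artifacts whose versions fall inside the ranges stated above. The sample lines are constructed, and treating a point release of an upper bound (such as 1.78.1) as still inside the range is an assumption made here.

```python
import re
# Inclusive (low, high) version ranges stated in this advisory, keyed by
# artifactId prefix; "bcpkix-fips" is listed first so it wins over "bcpkix".
AFFECTED = {
    "bcpkix-fips": [((1, 0, 0), (1, 0, 7)), ((2, 0, 0), (2, 0, 7))],
    "bcpkix": [((1, 44), (1, 78))],
    "bcprov": [((1, 44), (1, 78))],
}
# Matches Maven coordinates such as org.bouncycastle:bcprov-jdk18on:jar:1.78:compile
COORD_RE = re.compile(r"org\.bouncycastle:(?P<artifact>[\w.-]+):\w+:(?P<version>[\w.]+)")

def parse_version(text):
    """'1.78.1' -> (1, 78, 1); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def is_affected(artifact, version):
    """True if artifact (e.g. bcprov-jdk18on, bcpkix-fips) is in an affected range."""
    v = parse_version(version)
    for prefix, ranges in AFFECTED.items():
        if artifact.startswith(prefix):
            # Assumption: a point release of the upper bound (1.78.1) still counts as
            # 1.78, so the upper bound is compared at its own precision.
            return any(lo <= v and v[: len(hi)] <= hi for lo, hi in ranges)
    return False

def audit(lines):
    """Return [(artifact, version)] for every coordinate inside an affected range."""
    hits = []
    for line in lines:
        m = COORD_RE.search(line)
        if m and is_affected(m["artifact"], m["version"]):
            hits.append((m["artifact"], m["version"]))
    return hits

# Constructed sample in the shape of `mvn dependency:list` output, not real build output
SAMPLE = """\
[INFO]    org.bouncycastle:bcprov-jdk18on:jar:1.78:compile
[INFO]    org.bouncycastle:bcpkix-jdk18on:jar:1.79:compile
[INFO]    org.bouncycastle:bcpkix-fips:jar:2.0.7:compile
[INFO]    org.bouncycastle:bcpkix-fips:jar:1.0.8:compile
""".splitlines()

if __name__ == "__main__":
    for artifact, version in audit(SAMPLE):
        print(f"AFFECTED by CVE-2025-8916: {artifact} {version}")
```

Feed it the real output of `mvn dependency:list` (or any text containing the Maven coordinates) to get the list of artifacts that need upgrading.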

Mitigation & Remediation

Organizations should prioritize patching to the latest versions of the BC Java libraries to mitigate this vulnerability. If patches are unavailable, consider implementing resource allocation limits in your applications leveraging these libraries.

It is also advisable to review and harden configurations to prevent excessive resource allocation and monitor for any unusual activity related to the use of these libraries.

Detection Guidance

Monitoring logs for anomalies in resource usage can help detect potential exploitation attempts. Look for patterns indicating excessive resource consumption that could align with the characteristics of this vulnerability.

AppSecure Threat Intelligence Insight

CVE-2025-8916 highlights ongoing challenges in resource management within cryptographic libraries. Organizations must remain vigilant and proactive in their security posture, especially as such vulnerabilities can lead to service availability issues.

Security teams should consider this vulnerability as part of a broader strategy to manage risks associated with third-party libraries and ensure that their applications are resilient against potential exploits.

Organizations looking to strengthen their defenses should engage in regular security assessments and consider services such as penetration testing to identify and remediate similar vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
