Uncontrolled Resource Consumption in Bouncy Castle BC-FJA 2.1.0
CVE-2025-9092 Published on August 16, 2025
Hybrid Module Deployment in Multi-JVM Environments Leading to Resource Exhaustion
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader.
This issue affects Bouncy Castle for Java - BC-FJA 2.1.0: from BC-FJA 2.1.0 through 2.1.0.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2025-9092 has been classified to as a Resource Exhaustion vulnerability or weakness.
Affected Versions
Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0:- Version BC-FJA 2.1.0, <= 2.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.