{"api_version":"1","generated_at":"2026-05-13T03:12:02+00:00","cve":"CVE-2025-8916","urls":{"html":"https://cve.report/CVE-2025-8916","api":"https://cve.report/api/cve/CVE-2025-8916.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-8916","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-8916"},"summary":{"title":"Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer","description":"Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java.\n\nThis issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.","state":"PUBLISHED","assigner":"bcorg","published_at":"2025-08-13 10:15:27","updated_at":"2026-05-12 13:17:29"},"problem_types":["CWE-770","CWE-770 CWE-770 Allocation of Resources Without Limits or Throttling"],"metrics":[{"version":"4.0","source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:U/V:X/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:U/V:X/RE:M/U:Amber","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"NOT_DEFINED","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"6.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber","data":{"Automatable":"NOT_DEFINED","Recovery":"USER","Safety":"PRESENT","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":6.3,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916","name":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916","refsource":"91579145-5d7b-4cc5-b925-a0262ff19630","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-8916","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8916","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Legion of the Bouncy Castle Inc.","product":"BC Java","version":"affected 1.44 1.78 maven","platforms":["All"]},{"source":"CNA","vendor":"Legion of the Bouncy Castle Inc.","product":"BC Java","version":"affected 1.44 1.78 maven","platforms":["All"]},{"source":"CNA","vendor":"Legion of the Bouncy Castle Inc.","product":"BCPKIX FIPS","version":"affected 1.0.0 1.0.7 maven","platforms":["All"]},{"source":"CNA","vendor":"Legion of the Bouncy Castle Inc.","product":"BCPKIX FIPS","version":"affected 2.0.0 2.0.7 maven","platforms":["All"]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC CN 4100","version":"affected V5.0 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Limiting the size of ASN.1 objects that can be loaded from \"the wild\" will mitigate the risk of an exploit by automatically putting a cap on the maximum size of a Name Constraints structure.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Bing Shi","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"8916","cve":"CVE-2025-8916","epss":"0.000850000","percentile":"0.243940000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-8916","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-08-13T13:13:37.616496Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-08-13T13:13:54.247Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC CN 4100","vendor":"Siemens","versions":[{"lessThan":"V5.0","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:02:38.443Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"collectionURL":"https://repo1.maven.org/maven2/org/bouncycastle","defaultStatus":"unaffected","modules":["API"],"packageName":"bcpkix","platforms":["All"],"product":"BC Java","programFiles":["https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java"],"repo":"https://github.com/bcgit/bc-java","vendor":"Legion of the Bouncy Castle Inc.","versions":[{"lessThanOrEqual":"1.78","status":"affected","version":"1.44","versionType":"maven"}]},{"collectionURL":"https://repo1.maven.org/maven2/org/bouncycastle","defaultStatus":"unaffected","modules":["API"],"packageName":"bcprov","platforms":["All"],"product":"BC Java","programFiles":["https://github.com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java"],"repo":"https://github.com/bcgit/bc-java","vendor":"Legion of the Bouncy Castle Inc.","versions":[{"lessThanOrEqual":"1.78","status":"affected","version":"1.44","versionType":"maven"}]},{"collectionURL":"https://repo1.maven.org/maven2/org/bouncycastle","defaultStatus":"unaffected","modules":["API"],"packageName":"bcpkix-fips","platforms":["All"],"product":"BCPKIX FIPS","vendor":"Legion of the Bouncy Castle Inc.","versions":[{"lessThanOrEqual":"1.0.7","status":"affected","version":"1.0.0","versionType":"maven"},{"lessThanOrEqual":"2.0.7","status":"affected","version":"2.0.0","versionType":"maven"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"For an attack to take place the PKIXCertPathReviewer class must be in use by the application under attack and the class must be consuming certificate paths of unknown origin without any form of other validation."}],"value":"For an attack to take place the PKIXCertPathReviewer class must be in use by the application under attack and the class must be consuming certificate paths of unknown origin without any form of other validation."}],"credits":[{"lang":"en","type":"finder","value":"Bing Shi"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation.<p> This vulnerability is associated with program files <tt>https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java</tt>, <tt>https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java</tt>.</p><p>This issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.</p>"}],"value":"Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java.\n\nThis issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7."}],"impacts":[{"capecId":"CAPEC-130","descriptions":[{"lang":"en","value":"CAPEC-130 Excessive Allocation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"USER","Safety":"PRESENT","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":6.3,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"CWE-770 Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-09-12T11:17:08.609Z","orgId":"91579145-5d7b-4cc5-b925-a0262ff19630","shortName":"bcorg"},"references":[{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916"}],"source":{"discovery":"EXTERNAL"},"title":"Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Limiting the size of ASN.1 objects that can be loaded from \"the wild\" will mitigate the risk of an exploit by automatically putting a cap on the maximum size of a Name Constraints structure."}],"value":"Limiting the size of ASN.1 objects that can be loaded from \"the wild\" will mitigate the risk of an exploit by automatically putting a cap on the maximum size of a Name Constraints structure."}],"x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"91579145-5d7b-4cc5-b925-a0262ff19630","assignerShortName":"bcorg","cveId":"CVE-2025-8916","datePublished":"2025-08-13T09:31:21.181Z","dateReserved":"2025-08-13T08:52:38.480Z","dateUpdated":"2026-05-12T12:02:38.443Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-08-13 10:15:27","lastModifiedDate":"2026-05-12 13:17:29","problem_types":["CWE-770","CWE-770 CWE-770 Allocation of Resources Without Limits or Throttling"],"metrics":{"cvssMetricV40":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:U/V:X/RE:M/U:Amber","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"NOT_DEFINED","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"8916","Ordinal":"1","Title":"Possible DOS in processing large name constraint structures in P","CVE":"CVE-2025-8916","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"8916","Ordinal":"1","NoteData":"Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java.\n\nThis issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.","Type":"Description","Title":"Possible DOS in processing large name constraint structures in P"}]}}}