CVE-2025-8885 Overview
CVE-2025-8885 affects the Legion of the Bouncy Castle BC Java (bcprov) and BC-FJA (bc-fips) cryptographic libraries. The flaw resides in ASN1ObjectIdentifier.java and allows excessive memory allocation when parsing crafted ASN.1 input. An attacker can send specially constructed data to a service that uses Bouncy Castle for cryptographic or certificate processing. This triggers unbounded resource allocation, leading to a denial-of-service condition. The vulnerability is classified under CWE-770: Allocation of Resources Without Limits or Throttling. It impacts BC Java versions 1.0 through 1.77, BC-FJA 1.0.0 through 1.0.2.5, and BC-FJA 2.0.0 through 2.0.1.
Critical Impact
Remote attackers can exhaust memory on systems parsing untrusted ASN.1 object identifiers, causing application-level denial of service across any Java service relying on vulnerable Bouncy Castle versions.
Affected Products
- Legion of the Bouncy Castle BC Java (bcprov) versions 1.0 through 1.77
- Legion of the Bouncy Castle BC-FJA (bc-fips) versions 1.0.0 through 1.0.2.5
- Legion of the Bouncy Castle BC-FJA (bc-fips) versions 2.0.0 through 2.0.1
Discovery Timeline
- 2025-08-12 - CVE-2025-8885 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-8885
Vulnerability Analysis
The vulnerability is a resource-exhaustion denial-of-service issue in Bouncy Castle's ASN.1 parsing layer. Bouncy Castle is a widely deployed Java cryptography provider used for TLS, S/MIME, PKCS, X.509 certificate processing, and JCE operations. The defective code path lives in ASN1ObjectIdentifier.java, which decodes Object Identifiers (OIDs) from DER or BER encoded streams.
When the parser processes a malicious OID encoding, it allocates memory proportional to attacker-controlled length fields without enforcing a sane upper bound. Applications that decode certificates, signed messages, or other ASN.1 structures from untrusted sources can be forced into excessive heap allocation. This degrades service availability and may crash the host JVM with an OutOfMemoryError.
Root Cause
The root cause is missing input throttling on the size of OID encodings parsed by ASN1ObjectIdentifier. The implementation trusts length-derived values from the input stream and allocates buffers or accumulators without first validating that the requested size is bounded. This matches the CWE-770 pattern, where resource allocation occurs without limits or quotas.
Attack Vector
The attack is network-reachable and requires no authentication or user interaction. Any endpoint that parses ASN.1 payloads with vulnerable Bouncy Castle code is exposed. Typical exposure surfaces include TLS handshake processing, certificate validation, JWT/JWS verification using X.509 chains, PKCS#7 and CMS message parsing, and LDAP or OCSP responders. An attacker submits a single crafted message or certificate to trigger the allocation, with no follow-on access required.
No verified public exploit code is available. The vulnerability mechanism is documented in the Bouncy Castle CVE-2025-8885 Wiki.
Detection Methods for CVE-2025-8885
Indicators of Compromise
- Java applications terminating with java.lang.OutOfMemoryError: Java heap space shortly after receiving external ASN.1, certificate, or signed-message input.
- Sudden, sustained JVM heap growth correlated with inbound TLS handshakes, OCSP responses, or PKCS/CMS message processing.
- Repeated crashes or restarts of services using bcprov-jdk* or bc-fips JARs at vulnerable versions.
Detection Strategies
- Inventory all Java applications and identify dependencies on bcprov, bcprov-jdk15on, bcprov-jdk18on, and bc-fips using a software bill of materials (SBOM) or build-tool dependency reports.
- Flag any artifact at or below the affected versions (bcprov ≤ 1.77, bc-fips ≤ 1.0.2.5 in the 1.x line, bc-fips ≤ 2.0.1 in the 2.x line).
- Use SCA tools to continuously match deployed JARs against the vulnerable version ranges.
Monitoring Recommendations
- Monitor JVM heap utilization, garbage collection frequency, and OutOfMemoryError events on services exposing certificate or ASN.1 parsing endpoints.
- Track anomalous TLS handshake failure rates and oversized client certificate submissions at the load balancer or reverse proxy.
- Alert on process restarts of Java services that handle untrusted cryptographic input, and correlate with source IP for repeated triggers.
How to Mitigate CVE-2025-8885
Immediate Actions Required
- Upgrade bcprov to version 1.78 or later, and bc-fips to a fixed release beyond 1.0.2.5 or 2.0.1 as published by the Bouncy Castle project.
- Audit all transitive dependencies, including shaded or repackaged Bouncy Castle copies inside fat JARs and vendor distributions.
- Restart affected Java services after upgrading to ensure no classloader retains the vulnerable classes.
Patch Information
The Bouncy Castle project documents the fix and affected version ranges in the official CVE-2025-8885 Wiki entry. Consumers should pull the latest bcprov and bc-fips artifacts from Maven Central and update dependency declarations accordingly.
Workarounds
- Place ASN.1-parsing services behind a reverse proxy that enforces strict size limits on inbound certificates, TLS messages, and signed payloads.
- Apply JVM heap caps and per-request memory quotas so a single malicious input cannot exhaust the entire process.
- Restrict which network peers may submit client certificates or signed messages, reducing exposure where authentication or allowlisting is feasible.
# Maven dependency upgrade example - replace vulnerable bcprov with a fixed release
mvn versions:use-dep-version -Dincludes=org.bouncycastle:bcprov-jdk18on -DdepVersion=1.78 -DforceVersion=true
# Gradle: pin a non-vulnerable version in build.gradle
# implementation 'org.bouncycastle:bcprov-jdk18on:1.78'
# Verify deployed artifact versions
find / -name 'bcprov*.jar' -o -name 'bc-fips*.jar' 2>/dev/null
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
