N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-12194

GHSA ID

GHSA-jv6h-4262-q663

EPSS Score

0.01822%

CWE

CWE-400

Published

10/25/2025

Updated

10/28/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-12194

CVE-2025-12194: Bouncy Castle Vulnerable to Uncontrolled Resource Consumption

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCFB.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeGCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/SHA256NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeEngine.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCBC.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCTR.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCFB.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeGCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeEngine.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCBC.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeGCMSIV.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCTR.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA256NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA224NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA3NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHAKENativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA512NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA384NativeDigest.Java.

This issue affects Bouncy Castle for Java FIPS: from 2.1.0 through 2.1.1; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-12194

GHSA ID

GHSA-jv6h-4262-q663

EPSS Score

0.01822%

CWE

CWE-400

Published

10/25/2025

Updated

10/28/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.bouncycastle:bc-fips	maven	>= 2.1.0, <= 2.1.1	2.1.2
org.bouncycastle:bcprov-debug-lts8on	maven	>= 2.73.0, <= 2.73.7	2.73.8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Un*ontroll** R*sour** *onsumption vuln*r**ility in L**ion o* t** *oun*y **stl* In*. *oun*y **stl* *or J*v* *IPS **-*ips on *ll (*PI mo*ul*s), L**ion o* t** *oun*y **stl* In*. *oun*y **stl* *or J*v* LTS **prov-lts*on on *ll (*PI mo*ul*s) *llows *x**ss

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-12194: Bouncy Castle Vulnerable to Uncontrolled Resource Consumption

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI