Base Score

NONE0

CVE-2025-9340

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.

VectorPHYSICAL

Published By91579145-5d7b-4cc5-b925-a0262ff19630

Published DateAug 22, 2025, 10:15

Affected Versions(1)

org.bouncycastle:bc-fips(Maven)

Introduced2.1.0

Fixed2.1.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.bouncycastle:bc-fips(Maven)	2.1.0	2.1.1	N/A

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

Vector String

CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:U/V:X/RE:M/U:Green

Base Severity

NONE

Version

4.0

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%909340

Base Score

NONE0

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

Vector String

CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:U/V:X/RE:M/U:Green

Base Severity

NONE

Version

4.0

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)