
Description

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

PUBLISHED Reserved 2025-12-17 | Published 2026-04-15 | Updated 2026-05-18 | Assigner bcorg




CRITICAL: 9.3 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/RE:M/U:Red

Problem types

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Product status

Default status: unaffected

1.59 (maven) before 1.80.2: affected

1.81 (maven) before 1.81.1: affected

1.82 (maven) before 1.84: affected

Credits

XlabAI Team of Tencent Xuanwu Lab (finder)

Atuin Automated Vulnerability Discovery Engine (finder)

Lili Tang, Guannan Wang, and Guancheng Li (finder)

References

github.com/bcgit/bc-java/wiki/CVE‐2025‐14813 (vendor-advisory)

github.com/...ommit/b42574345414e4b7c8051b16fa1fafe01c29871f (patch)

github.com/...ommit/701686cb0184cd9ae103c801b3581fdf95c6d4f3 (patch)

cve.org (CVE-2025-14813)

nvd.nist.gov (CVE-2025-14813)
