anonhaven
Ad

CVE-2025-14813

CRITICAL CVSS 4.0: 9.3
Updated Apr 17, 2026
Java
Parameter Value
CVSS 9.3 (CRITICAL)
Affected Versions before 1.84.
Type CWE-327 (Weak Crypto Algorithm)
Vendor Java
Public PoC No

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly.

This issue affects BC-JAVA: from 1.59 before 1.84.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-327 Weak Crypto Algorithm

References 3

https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3
91579145-5d7b-4cc5-b925-a0262ff19630
https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f
91579145-5d7b-4cc5-b925-a0262ff19630
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813
91579145-5d7b-4cc5-b925-a0262ff19630
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33207

Java

8.6

CVE-2026-5598

Java

10.0

CVE-2026-5588

Java

6.3

CVE-2026-3505

Java

8.7

CVE-2026-0636

Java

5.5