Use of a Broken or Risky Cryptographic Algorithm in org.bouncycastle:bcprov-debug-jdk14

CVE-2025-14813

org.bouncycastle:bcprov-debug-jdk14
org.bouncycastle:bcprov-debug-jdk18on
org.bouncycastle:bcprov-debug-jdk15to18
org.bouncycastle:bcprov-jdk14
org.bouncycastle:bcprov-jdk18on
org.bouncycastle:bcprov-jdk15to18

High

9.3/10

Summary

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 prior to 1.84.

Attack Complexity: LOW
Attack Vector: LOCAL
User Interaction: NONE
Privileges Required: NONE

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

Advisory
Issue

Advisory Timeline

Published Apr 15, 2026

Use of a Broken or Risky Cryptographic Algorithm in org.bouncycastle:bcprov-debug-jdk14

CVE-2025-14813

Summary

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS