CVE-2025-14813 — Use of a Broken or Risky Cryptographic Algorithm in OF THE Bouncy Castle INC Bc-java

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

0.0%

top 99.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Legion OF THE Bouncy Castle INC Bc-java

Timeline

PublishedApr 15

Latest updateApr 17

Description

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 before 1.84.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages1 packages

▶CVEListV5legion_of_the_bouncy_castle_inc/bc-java1.59 — 1.84

🔴Vulnerability Details

GHSA

GHSA-574f-3g2m-x479: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc↗2026-04-17

▶

VulDB

Legion of the Bouncy Castle BC-JAVA up to 1.83 risky encryption↗2026-04-15

▶