CVE-2025-14813 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-14813 PUBLISHED CVSS 9.300000190734863 CRITICAL

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 before 1.84.

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/RE:M/U:Red

Affected Products

Vendor	Product	Versions
Legion of the Bouncy Castle Inc.	BC-JAVA	1.59

Timeline

Apr 15, 2026 CVE Published
Apr 15, 2026 PoC Published
Apr 15, 2026 CVE Updated
May 6, 2026 Distribution Patch
May 6, 2026 Security Advisory
May 6, 2026 Distribution Patch
May 6, 2026 Security Advisory
May 6, 2026 Distribution Patch
May 6, 2026 Security Advisory
May 6, 2026 Distribution Patch
May 6, 2026 Security Advisory
May 6, 2026 Distribution Patch

References

Open in Interactive Console →