CVE-2025-12194: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCFB.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeGCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/SHA256NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeEngine.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCBC.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCTR.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCFB.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeGCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeEngine.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCBC.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeGCMSIV.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCTR.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA256NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA224NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA3NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHAKENativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA512NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA384NativeDigest.Java. This issue affects Bouncy Castle for Java FIPS: from 2.1.0 through 2.1.1; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7.
AI Analysis
Technical Summary
CVE-2025-12194 is a medium-severity vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) in Legion of the Bouncy Castle Inc.'s Bouncy Castle for Java FIPS and LTS cryptographic libraries. The flaw resides in multiple native Java implementations of AES encryption modes (CFB, GCM, CBC, CTR, CCM, GCMSIV) and SHA digests (SHA-256, SHA-224, SHA-3, SHAKE, SHA-512, SHA-384), in files such as AESNativeCFB.Java and SHA256NativeDigest.Java. It allows an attacker to trigger excessive memory allocation during cryptographic operations, which can lead to resource exhaustion and denial of service (DoS). The issue affects all API modules in versions 2.1.0 through 2.1.1 of the FIPS variant and 2.73.0 through 2.73.7 of the LTS variant.
Exploitation requires local access, is of low complexity, and needs neither privileges nor user interaction. The CVSS 4.0 base score is 5.9 (medium), reflecting a moderate impact primarily on availability with no direct confidentiality or integrity compromise. No public exploits have been reported yet. The vulnerability is not directly exploitable over the network but could be leveraged by an attacker with local access or through compromised application components.
The vulnerability is significant because Bouncy Castle is widely used in Java applications for cryptographic functions, including in enterprise and government software. Uncontrolled resource consumption can degrade system performance or cause crashes, impacting service availability. The absence of patches at the time of reporting necessitates proactive mitigation strategies.
Potential Impact
For European organizations, this vulnerability poses a risk of denial of service in Java applications that utilize affected versions of Bouncy Castle for cryptographic operations. Critical services relying on these libraries may experience performance degradation or outages due to excessive memory consumption. This can affect sectors such as finance, healthcare, government, and telecommunications where cryptographic integrity and availability are essential. The impact is particularly concerning for environments with multi-tenant applications or cloud services where resource exhaustion can cascade and affect multiple users. Additionally, organizations with compliance requirements for cryptographic standards (e.g., GDPR, eIDAS) may face operational and regulatory challenges if cryptographic services become unavailable. Although exploitation requires local access, insider threats or compromised application components could trigger the vulnerability. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.
Mitigation Recommendations
1. Monitor and audit resource usage of Java applications using Bouncy Castle libraries to detect abnormal memory consumption patterns.
2. Restrict local access to systems running vulnerable versions to trusted personnel only, minimizing risk of exploitation.
3. Implement application-level input validation and rate limiting to reduce the chance of triggering excessive allocations.
4. Prepare to upgrade to patched versions of Bouncy Castle for Java FIPS and LTS once they are released by the vendor.
5. Consider deploying runtime application self-protection (RASP) or memory usage monitoring tools to detect and mitigate resource exhaustion attempts.
6. Review and harden application deployment environments to limit the impact of potential DoS conditions, including container resource limits and JVM tuning.
7. Engage with software vendors and development teams to identify and remediate usage of affected Bouncy Castle versions in internal and third-party applications.
8. Maintain incident response plans that include scenarios for cryptographic service disruption.
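A check for mitigation step 7, as an added example that is not part of the original advisory or the Bouncy Castle project: it scans dependency listings and jar file names for the artifact names and version ranges stated in the description. The `org.bouncycastle` group id, the accepted line formats and the sample input are assumptions constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the advisory (inclusive on both ends).
AFFECTED = {
    "bc-fips": ((2, 1, 0), (2, 1, 1)),
    "bcprov-lts8on": ((2, 73, 0), (2, 73, 7)),
}

# Matches Maven tree coordinates (group:artifact:jar:version:scope),
# Gradle-style coordinates (group:artifact:version) and jar file names
# (artifact-version.jar). Assumed formats, not taken from the advisory.
_COORD = re.compile(
    r"(?:org\.bouncycastle:)?(bc-fips|bcprov-lts8on)"
    r"(?::jar:|:|-)(\d+(?:\.\d+)+)"
)

def parse_version(text):
    """Turn '2.73.7' into (2, 73, 7) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def is_affected(artifact, version):
    low, high = AFFECTED[artifact]
    v = parse_version(version)
    v = v + (0,) * (3 - len(v))  # pad a two-part version such as "2.1"
    return low <= v <= high

def scan(lines):
    """Return (line_no, artifact, version) for every affected reference."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for artifact, version in _COORD.findall(line):
            if is_affected(artifact, version):
                findings.append((line_no, artifact, version))
    return findings

# Constructed sample input: dependency listings and jar names, not real output.
SAMPLE = """\
[INFO] +- org.bouncycastle:bc-fips:jar:2.1.1:compile
[INFO] +- org.bouncycastle:bc-fips:jar:2.0.0:compile
runtimeClasspath - org.bouncycastle:bcprov-lts8on:2.73.7
lib/bcprov-lts8on-2.73.8.jar
lib/bc-fips-2.1.0.jar
[INFO] \\- org.bouncycastle:bcprov-jdk18on:jar:1.78:compile
""".splitlines()

if __name__ == "__main__":
    for line_no, artifact, version in scan(SAMPLE):
        print(f"line {line_no}: {artifact} {version} is in the affected range")
```

Feed it the text of a dependency report or a directory listing of deployed jars; versions outside the stated ranges and other Bouncy Castle artifacts are not flagged.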
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: bcorg
- Date Reserved: 2025-10-24T20:54:20.444Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68fc063ff816635ddaf2f2dd
Added to database: 10/24/2025, 11:05:35 PM
Last enriched: 10/31/2025, 11:39:44 PM
Last updated: 12/9/2025, 3:09:30 AM