CVE-2025-14813
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules).
CVSS
7.5
High
EPSS
0.3%
p23
KEV
—
Exploit Today
7
0-100
Published: Apr 15, 2026 · Last modified: Jul 16, 2026 · CWE-327
0.3%EPSS · 30 days0.3%
2026-06-302026-07-16
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
- github.comhttps://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3
- github.comhttps://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f
- github.comhttps://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:11720
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:11721
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:13631
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:14272
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:14276
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17668
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18054
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18055
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18059
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21772
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:24977
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-14813
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2458640
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14813.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-209495.9 MED56.2%
——17Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.8dCVE-2020-254937.5 HIG55.2%
——17Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.8dCVE-2020-209505.9 MED54.4%
——16Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.8dCVE-2025-699299.8 CRI32.4%
——10An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format12dCVE-2026-55887.5 HIG31.4%
——9Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).
This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.
This issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.13hCVE-2026-5008610.0 CRI21.0%
——6The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5 High).7d