CVE-2025-9092
Hybrid Module Deployment in Multi-JVM Environments Leading to Resource Exhaustion
Issue affecting: BC-FJA 2.1.0
Fixed versions: BC-FJA 2.1.1
Platform affected: All JVMs.
In multi-JVM environments, BC-FJA 2.1.0 could create many library directories for the .so files required for native support, even though the files in those directories could have been shared. This could lead to server fragility, particularly where it was difficult to identify which library directories were in use and which were not, with the resulting strain on resources leading to service failure.
The native loader has been modified in BC-FJA 2.1.1 to only write files out once, reusing an existing set where they can be verified to be the same as the ones that would have been written out.
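The write-once, verify-and-reuse behaviour described above can be sketched as follows. This is an added example, not BC-FJA's loader code: the class, method and file names are hypothetical, the digest-named directory is one possible way to let JVMs converge on a shared copy, and it assumes Java 17+ on a POSIX file system.

```java
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.HexFormat;

// Hypothetical sketch: not the BC-FJA native loader.
public class SharedNativeExtract {
    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    /** Returns a verified copy of the library, writing it out only when needed. */
    static Path ensureExtracted(Path baseDir, String name, byte[] expected) throws Exception {
        byte[] digest = sha256(expected);
        // Directory name is derived from the content digest, so every JVM that
        // carries the same library bytes resolves to the same directory.
        Path dir = baseDir.resolve(HexFormat.of().formatHex(digest));
        Files.createDirectories(dir);
        Path target = dir.resolve(name);
        // Reuse only a regular file whose contents match what would be written.
        if (Files.isRegularFile(target, LinkOption.NOFOLLOW_LINKS)
                && MessageDigest.isEqual(digest, sha256(Files.readAllBytes(target)))) {
            return target;
        }
        // Missing or different: write a private temp file, then rename it into
        // place so a concurrent JVM never loads a partially written library.
        Path tmp = Files.createTempFile(dir, name, ".tmp");
        try {
            Files.write(tmp, expected);
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
        return target;
    }

    public static void main(String[] args) throws Exception {
        Path base = Files.createTempDirectory("native-demo");
        // Constructed stand-in for the bytes of a bundled .so file.
        byte[] lib = "constructed stand-in for .so bytes".getBytes();
        Path first = ensureExtracted(base, "libdemo.so", lib);
        Path second = ensureExtracted(base, "libdemo.so", lib); // simulates a second JVM
        try (var dirs = Files.list(base)) {
            System.out.println("same path: " + first.equals(second)
                    + ", directories created: " + dirs.count());
        }
    }
}
```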
Workaround: Strictly limit the number of JVMs providing services based on BC-FJA 2.1.0 so that effective monitoring and cleanup are possible on the server involved. Alternatively, ensure the module is configured to write its files for native support to a file system with sufficient capacity.