The Bitcoin Core team has disclosed 4 new low severity advisories for the Bitcoin network.
According to Michael Ford, head of Bitcoin software maintenance, there were initially five advisories, but one moved from low to medium severity, leaving just four disclosures.
The disclosures include “CVE-2025-46598 – CPU DoS from unconfirmed transaction processing”, an issue considered low severity with a patch released on October 10, 2025 in Bitcoin Core v30.0.
The disclosure describes a resource exhaustion issue when processing an unconfirmed transaction. Here, an attacker could send a victim node specially crafted unconfirmed transactions that would each take a few seconds to validate. Non-standard transactions would be rejected, but would not result in a disconnection, and the process could be repeated. This could be exploited to delay block propagation.
4 new low severity advisories have been released:
– Bitcoin Core Project (@bitcoincoreorg) October 24, 2025
The second disclosure is “CVE-2025-46597 – Highly unlikely remote crash on 32-bit systems”, an issue considered low severity with a patch released on October 10, 2025 in Bitcoin Core v30.0.
The disclosure reveals details of a bug on 32-bit systems, which can, in rare extreme cases, cause the node to crash when receiving a pathological block. This bug, according to the developers, would be extremely difficult to exploit.
Other Disclosures, New Bitcoin Core Versions Released
The third disclosure is “CVE-2025-54604 – Disk fill from spoofed self-connections”, an issue considered low severity with a patch released on October 10, 2025 in Bitcoin Core v30.0.
The disclosure includes details about a log filling bug that allowed an attacker to fill a victim node’s disk space by faking self-connections. The exploitability of this bug is limited and it would take a long time before the victim runs out of disk space.
The fourth disclosure is “CVE-2025-54605 – Disk fill from invalid blocks”, an issue considered low severity, with a fix released on October 10, 2025 in Bitcoin Core v30.0.
This was a log filling bug that allowed an attacker to cause a victim node to fill up its disk space by repeatedly sending invalid blocks. The exploitability of this bug is limited.
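Both disk-fill advisories share one pattern: a remote peer can trigger a log line as often as it likes. The sketch below is an added example, not Bitcoin Core's code and not a description of its actual fix; it shows one generic mitigation, a per-source byte budget on peer-triggered log lines. The class and function names, the budget and the window are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <unordered_map>

// Hypothetical limiter: each log source may write `budget_bytes` per window.
class LogRateLimiter {
public:
    LogRateLimiter(std::size_t budget_bytes, std::int64_t window_secs)
        : m_budget(budget_bytes), m_window(window_secs) {}

    // True if a message of `bytes` from `source` may be written at time `now`.
    bool Allow(const std::string& source, std::size_t bytes, std::int64_t now) {
        auto res = m_state.emplace(source, State{});
        State& s = res.first->second;
        if (res.second || now - s.window_start >= m_window) {
            s.window_start = now;  // first use or expired window: refill budget
            s.used = 0;
        }
        if (bytes > m_budget - s.used) {  // over budget: drop the line, count it
            ++s.suppressed;
            return false;
        }
        s.used += bytes;
        return true;
    }

    // Number of lines dropped for `source`, worth reporting once per window.
    std::uint64_t Suppressed(const std::string& source) const {
        auto it = m_state.find(source);
        return it == m_state.end() ? 0 : it->second.suppressed;
    }

private:
    struct State {
        std::int64_t window_start = 0;
        std::size_t used = 0;
        std::uint64_t suppressed = 0;
    };
    std::size_t m_budget;
    std::int64_t m_window;
    std::unordered_map<std::string, State> m_state;
};

// Constructed scenario: a peer triggers `count` identical log lines, one per
// second starting at `start`. Returns the bytes that actually reach the log.
std::size_t SimulateFlood(LogRateLimiter& limiter, const std::string& source,
                          const std::string& line, int count, std::int64_t start) {
    std::size_t written = 0;
    for (int i = 0; i < count; ++i)
        if (limiter.Allow(source, line.size(), start + i)) written += line.size();
    return written;
}
```

Keying the budget by log source rather than by peer means reconnecting under a new identity does not reset the limit.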
The Bitcoin Core team has announced the release of Bitcoin Core versions v29.2 and v28.3, with the v27 branch having now reached its end of life.
