Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
The Bitcoin core team has disclosed 4 new low severity level advisories for the Bitcoin network.
According to Michael Ford, a Bitcoin software maintainer, the advisories, initially five, saw one of them upgraded from low to medium severity, limiting it to only four disclosures.
The disclosures include "CVE-2025-46598 - CPU DoS from unconfirmed transaction processing," an issue considered low severity with a fix released on October 10, 2025 in Bitcoin Core v30.0.
The disclosure is that of a resource exhaustion issue when processing an unconfirmed transaction. Here, an attacker could send specially-crafted unconfirmed transactions that would take a victim node a few seconds each to validate. The non-standard transactions would be rejected, although not leading to a disconnection, and the process could be repeated. This could be exploited to delay block propagation.
The second disclosure is "CVE-2025-46597 - Highly unlikely remote crash on 32-bit systems," an issue considered low severity with a fix released on October 10, 2025, in Bitcoin Core v30.0.
The disclosure reveals details of a bug on 32-bit systems, which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug, according to developers, would be extremely hard to exploit.
Other disclosures, new Bitcoin Core versions released
The third disclosure is "CVE-2025-54604 - Disk filling from spoofed self connections," an issue considered low severity with a fix released on October 10, 2025, in Bitcoin Core v30.0.
The disclosure includes details of a log-filling bug which allowed an attacker to fill up the disk space of a victim node by faking self-connections. Exploitability of this bug is limited, and it would take a long time before it would cause the victim to run out of disk space.
The fourth disclosure is "CVE-2025-54605 - Disk filling from invalid blocks," an issue considered low severity, with a fix released on October 10, 2025, in Bitcoin Core v30.0.
This saw a log-filling bug which allowed an attacker to cause a victim node to fill up its disk space by repeatedly sending invalid blocks. The exploitability of this bug is limited.
The Bitcoin Core team has announced the release of Bitcoin Core versions v29.2 and v28.3, as the v.27 branch has now reached its end of life.
Dan Burgin
Vladislav Sopov
U.Today Editorial Team