The Bitcoin Core team has disclosed four new low-severity advisories affecting the Bitcoin network. Initially, five advisories were reported; however, Michael Ford, a Bitcoin software maintainer, confirmed that one advisory was upgraded from low to medium severity, bringing the total low-severity disclosures to four.
### Advisory Details
**1. CVE-2025-46598: CPU DoS from Unconfirmed Transaction Processing**
This low-severity issue involves a resource exhaustion vulnerability when processing unconfirmed transactions. An attacker could send specially crafted unconfirmed transactions that require the victim node several seconds each to validate. Although these non-standard transactions would ultimately be rejected (without causing disconnections), this behavior could be exploited repeatedly to delay block propagation. The fix for this vulnerability was released on October 10, 2025, in Bitcoin Core v30.0.
**2. CVE-2025-46597: Highly Unlikely Remote Crash on 32-bit Systems**
Also classified as low severity, this bug affects 32-bit systems. In rare edge cases, receiving a pathological block could cause the node to crash. According to developers, exploiting this vulnerability is extremely difficult. The fix was included in Bitcoin Core v30.0, released on October 10, 2025.
**3. CVE-2025-54604: Disk Filling from Spoofed Self Connections**
This advisory addresses a log-filling bug that allows an attacker to fill up the disk space of a victim node by faking self-connections. While the exploitability is limited, and it would take considerable time to fill the disk space completely, the issue could impact node functionality. The patch was released in Bitcoin Core v30.0 on October 10, 2025.
**4. CVE-2025-54605: Disk Filling from Invalid Blocks**
Similar to the previous issue, this low-severity bug lets an attacker cause disk space exhaustion by repeatedly sending invalid blocks, which trigger extensive log entries. Exploitability remains limited due to the time required to fill the disk. The fix was included in Bitcoin Core v30.0, released on October 10, 2025.
### Additional Updates
Alongside the security fixes, the Bitcoin Core team has announced new releases: Bitcoin Core v29.2 and v28.3 are now available. The v27 branch has officially reached its end of life and will no longer receive updates.
—
Users are encouraged to upgrade to the latest Bitcoin Core versions to ensure protection against these vulnerabilities and maintain network security.
https://u.today/bitcoin-core-drops-four-new-security-alerts-whats-at-risk
