Public disclosure of 4 Bitcoin Core security advisories

Initially, five vulnerabilities were slated for disclosure; however, one was subsequently reassessed as medium severity and its disclosure has been postponed in line with the team's security protocols. The vulnerabilities addressed include issues that could potentially lead to disk space exhaustion through spoofed self-connections (CVE-2025-54604) and invalid blocks (CVE-2025-54605), a remote crash scenario on 32-bit systems deemed highly unlikely (CVE-2025-46597), and a CPU Denial of Service (DoS) triggered by processing unconfirmed transactions (CVE-2025-46598).

Significantly, patches for three of these vulnerabilities, specifically CVE-2025-54604, CVE-2025-54605, and CVE-2025-46597, had already been incorporated into Bitcoin Core version 29.1, alongside subsequent minor releases, ensuring a broader coverage of protection across versions. This proactive approach to vulnerability management underscores the development team's dedication to the security and integrity of the Bitcoin Core software.

Contributions from community members such as Eugene Siegel, Niklas Goegge, and Pieter Wuille were pivotal in identifying these vulnerabilities. Their collaboration highlights the critical role that the community plays in safeguarding the ecosystem against potential threats. Furthermore, the Bitcoin Core team has made their disclosure policy publicly accessible, along with details of previously disclosed vulnerabilities, fostering transparency and enabling users to stay informed about the security posture of the software. This information can be found on the Bitcoin Core website (Bitcoin Core Security).