Hi everyone, In accordance with our security disclosure policy, i am sharing today four advisories for *low-severity* security vulnerabilities fixed in Bitcoin Core version 30.0.
Two weeks ago we pre-announced that we would release advisories for five low-severity vulnerabilities. One of these has since been promoted to medium severity, and its public disclosure has therefore been rescheduled in accordance with our policy. The four vulnerabilities publicly disclosed today are the following: - CVE-2025-54604: Disk filling from spoofed self connections [0] - CVE-2025-54605: Disk filling from invalid blocks [1] - CVE-2025-46597: Highly unlikely remote crash on 32-bit systems [2] - CVE-2025-46598: CPU DoS from unconfirmed transaction processing [3] The fixes for CVE-2025-54604, CVE-2025-54605 and CVE-2025-46597 are also included in Bitcoin Core version 29.1 and later minor releases. Thanks to Eugene Siegel, Niklas Goegge and Pieter Wuille for reporting these issues and to everyone involved in fixing them. Our disclosure policy as well as previously disclosed vulnerabilities are available on the Bitcoin Core website at [4]. Antoine Poinsot [0]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54604/ [1]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54605/ [2]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597/ [3]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/ [4]: https://bitcoincore.org/en/security-advisories/ -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/I5lwexjm1EkKFZpV4_A4b6XvYXvIGjJZ3UpYhfzeC4rXmnNDVQ0Mob4X1We1hmWaisx_0ZSNn6BKH99kfig6rTChHbsCPMZBk2k0ua1E8Ng%3D%40protonmail.com.
