The Bitcoin Core team has officially disclosed four new low-severity level advisories for the Bitcoin network, aimed at enhancing the security and resilience of the distributed ledger technology. Initially, five advisories were identified, but one was subsequently upgraded from low to medium severity, as confirmed by Bitcoin software maintainer Michael Ford, leading to the current count of four public disclosures.

One of the notable disclosures is "CVE-2025-46598 - CPU DoS from unconfirmed transaction processing." This issue, categorized as low severity, addresses a resource exhaustion vulnerability. An attacker could exploit this by sending specially-crafted unconfirmed transactions, each designed to consume several seconds of CPU time for a victim node to validate. While these non-standard transactions would ultimately be rejected and would not cause a node disconnection, the repeated nature of such an attack could be used to significantly delay block propagation across the network. A fix for this vulnerability was released on October 10, 2025, as part of Bitcoin Core v30.0.

Another advisory, "CVE-2025-46597 - Highly unlikely remote crash on 32-bit systems," details a low-severity bug affecting 32-bit systems. This specific flaw could, in a rare edge case, cause a Bitcoin node to crash upon receiving a pathological block. Despite the potential for a crash, developers have indicated that this bug would be extremely difficult to exploit in practice. The resolution for this issue was also included in Bitcoin Core v30.0, released on October 10, 2025.

The third disclosed vulnerability is "CVE-2025-54604 - Disk filling from spoofed self connections." This low-severity advisory describes a log-filling bug that could enable an attacker to gradually exhaust the disk space of a victim node by faking self-connections. Although the exploitability of this bug is limited and it would require a prolonged period to significantly impact a victim's disk space, a fix was implemented in Bitcoin Core v30.0 on October 10, 2025.

Finally, "CVE-2025-54605 - Disk filling from invalid blocks" represents the fourth low-severity advisory. This details another log-filling bug where an attacker could cause a victim node's disk space to be consumed by repeatedly sending invalid blocks. Similar to the previous disk-filling vulnerability, the exploitability of this bug is considered limited. A corrective patch was released for this issue on October 10, 2025, within Bitcoin Core v30.0.

In addition to these security disclosures, the Bitcoin Core team has also announced the release of new Bitcoin Core versions, v29.2 and v28.3. This coincides with the v.27 branch of Bitcoin Core reaching its end-of-life, encouraging users to upgrade to the latest secure versions to maintain network integrity and access the latest features and security updates.