CVE-2025-46597

EUVD-2025-208891 HIGH
2026-03-20 mitre
7.5
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

Analysis Generated
Mar 20, 2026 - 15:52 vuln.today
EUVD ID Assigned
Mar 20, 2026 - 15:52 euvd
EUVD-2025-208891
CVE Published
Mar 20, 2026 - 00:00 nvd
HIGH 7.5

Description

Bitcoin Core 0.13.0 through 29.x has an integer overflow.

Analysis

Bitcoin Core versions 0.13.0 through 29.x contain an integer overflow vulnerability that could allow attackers to trigger unexpected behavior or crashes in affected nodes. The affected range spans several major versions, so a wide range of Bitcoin Core deployments is affected. Because public exploitation details are limited as of the disclosure date and the CVSS scoring is incomplete, the impact cannot be stated precisely; the integer overflow classification suggests potential for denial of service or memory corruption under specific conditions.

Technical Context

Bitcoin Core is the reference implementation of the Bitcoin protocol, handling consensus rules, transaction validation, and peer-to-peer networking. The vulnerability is classified as an integer overflow (with buffer overflow tags also noted), a defect that typically occurs in C/C++ code when an arithmetic operation exceeds the bounds of its data type without a prior bounds check. Integer overflows in Bitcoin Core could affect critical subsystems such as transaction processing, block validation, script execution, or memory management. The affected version range (0.13.0 through 29.x) covers approximately 8 years of releases, suggesting that the flaw either lies in long-standing foundational code or was introduced at a specific point early in that period. The root cause class is improper input validation or improper handling of arithmetic boundaries.

Affected Products

Bitcoin Core versions 0.13.0 through 29.x are affected by this integer overflow vulnerability. The affected software is identified by the reference to https://github.com/bitcoin/bitcoin/releases and by the official disclosure at https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597/. The CPE metadata provided (cpe:2.3:a:n/a:n/a:*:*:*:*:*:*:*:*) is an incomplete CPE assignment, with vendor and product both recorded as n/a; the affected product is nonetheless Bitcoin Core across all versions from 0.13.0 through the current 29.x release line. All deployments running these versions, including full nodes, mining operations, exchange infrastructure, and payment processors, require immediate assessment and patching.

Remediation

Operators should immediately upgrade to the patched version of Bitcoin Core specified in the official security advisory at https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597/. Check the Bitcoin Core releases page (https://github.com/bitcoin/bitcoin/releases) for the specific patched version and download instructions. Organizations unable to patch immediately should implement network segmentation to limit the exposure of vulnerable nodes to untrusted peers, disable RPC interfaces that are not required, and monitor logs for unusual behavior indicative of exploitation attempts. Consider running multiple Bitcoin Core instances with version diversity to reduce the impact of any single vulnerability. Exchanges and custodians handling high-value transactions should prioritize patching, given the potential for consensus failures or transaction handling errors triggered by an exploited integer overflow.

Priority Score

38
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0
