CVE-2025-46598

EUVD-2025-208889 | MEDIUM
2026-03-20 (mitre)
5.3 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 20, 2026 - 15:15 (vuln.today)
EUVD ID Assigned: Mar 20, 2026 - 15:15 (euvd), EUVD-2025-208889
CVE Published: Mar 20, 2026 - 00:00 (nvd), MEDIUM 5.3

Description

Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.

Analysis

Bitcoin Core versions through 29.0 contain a denial of service vulnerability that can be triggered by a specially crafted transaction. An attacker with network access can send a malicious transaction to cause the affected Bitcoin Core node to become unresponsive or crash, disrupting normal operation of the node. No CVSS score, EPSS data, or active exploitation in the wild has been disclosed, but the vulnerability has been formally disclosed by the Bitcoin Core project.

Technical Context

Bitcoin Core is the reference implementation of the Bitcoin protocol, written in C++, and handles the validation, relay, and storage of blockchain transactions. The vulnerability exists in the transaction processing logic and can be triggered by a crafted transaction that exploits improper input validation or resource handling within the transaction validation or mempool management subsystem. The root cause appears to be related to improper handling of transaction inputs that allows an attacker to exhaust resources (CPU, memory, or locks) on a target node. This class of vulnerability typically falls under improper input validation or resource exhaustion categories (CWE-400 or similar), though the specific CWE has not been disclosed by the vendor.

Affected Products

Bitcoin Core versions through and including 29.0 are affected by this vulnerability. The affected software is identified by CPE cpe:2.3:a:n/a:n/a:*:*:*:*:*:*:*:* (note: the CPE appears incomplete in the disclosure data). Bitcoin Core is maintained by the Bitcoin project and details regarding affected versions and patched releases should be consulted at the official Bitcoin Core releases page (https://github.com/bitcoin/bitcoin/releases) and the Bitcoin Core security advisory (https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/). Node operators running version 29.0 or earlier are potentially vulnerable.

Remediation

Immediately upgrade Bitcoin Core to a patched version released after October 24, 2025. Check the official Bitcoin Core GitHub releases page (https://github.com/bitcoin/bitcoin/releases) and the security advisory (https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/) for the recommended minimum version. If immediate patching is not possible, implement network-layer mitigations such as restricting inbound peer connections to trusted nodes only, using a reverse proxy or firewall to rate-limit or block suspicious transaction patterns, and monitoring node logs for signs of resource exhaustion or crashes. For critical infrastructure, consider temporarily running multiple redundant nodes with staggered upgrades to maintain availability during the patching window.

Priority Score

27 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +26
POC: 0

CVE-2025-46598 vulnerability details – vuln.today