{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-46598", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T13:47:22.888Z", "dateReserved": "2025-04-25T00:00:00.000Z", "datePublished": "2026-03-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T15:09:29.503Z"}, "descriptions": [{"lang": "en", "value": "Bitcoin Core through 29.0 allows a denial of service via a crafted transaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/bitcoin/bitcoin/releases"}, {"url": "https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-405", "lang": "en", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T13:45:11.573375Z", "id": "CVE-2025-46598", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T13:47:22.888Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-46598", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T13:45:11.573375Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T13:45:25.972Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/bitcoin/bitcoin/releases"}, {"url": "https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/"}], "descriptions": [{"lang": "en", "value": "Bitcoin Core through 29.0 allows a denial of service via a crafted transaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T15:09:29.503Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46598", "state": "PUBLISHED", "dateUpdated": "2026-03-23T13:47:22.888Z", "dateReserved": "2025-04-25T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-20T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "24777408-C394-47D1-8E69-5630DF67FC26", "versionEndExcluding": "0.30.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bitcoin Core through 29.0 allows a denial of service via a crafted transaction."}, {"lang": "es", "value": "Bitcoin Core hasta la versi\u00f3n 29.0 permite una denegaci\u00f3n de servicio a trav\u00e9s de una transacci\u00f3n manipulada."}], "id": "CVE-2025-46598", "lastModified": "2026-04-02T12:18:14.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T15:16:15.147", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/bitcoin/bitcoin/releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-405"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,29.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "bitcoin_core", "vendor": "bitcoin"}], "analysis": {"en": {"generated_at": "2026-04-02T13:26:42.342584+00:00", "value": {"mitigation_remediation": ["Update to the newest Bitcoin Core release that includes the fix (currently available in the latest stable release).", "If an immediate upgrade is unavailable, monitor the node for abnormal transaction patterns and schedule an outage for patch deployment. ", "Check the Bitcoin Core release notes and community forums for additional guidance or interim mitigations."], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Bitcoin Core software on all platforms that run the affected builds. All releases up to and including version 29.0 are susceptible; newer releases are not listed as affected in the advisories. Users running these versions under any operating system are at risk.", "description_and_impact": "Bitcoin Core versions through 29.0 are vulnerable to a denial of service condition caused by a specially crafted transaction. The flaw allows an attacker to create a transaction that, when processed by the node, can consume excessive resources or trigger internal errors, resulting in the node becoming unresponsive or unable to process further work. The weakness is classified as CWE-405, indicating a failure to validate input or guard against erroneous conditions, which in this case leads to lost availability of the affected service.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate severity, while the EPSS score of less than 1% suggests that exploitation is considered unlikely under current threat conditions. The vulnerability is not in the CISA Known Exploited Vulnerabilities catalog. Attackers would need to construct a specific transaction and broadcast it to a target node, which may require some level of network access to the node or a broader network presence. The impact is limited to the faulty node, but repeated activations could degrade network performance if many nodes are affected."}}}}, "created": "2026-03-23T09:53:33.344090+00:00", "updated": "2026-04-02T20:23:21.187332+00:00", "vendors": ["bitcoin", "bitcoin$PRODUCT$bitcoin_core"]}