CVE-2025-54605: 
Bitcoin Core vulnerability analysis and mitigation

CVE-2025-54605 is a disk-filling vulnerability discovered in Bitcoin Core through version 29.0. The vulnerability was disclosed on October 24, 2025, and affects Bitcoin Core's logging functionality. The issue allows an attacker to cause a victim node to fill up its disk space by repeatedly sending invalid blocks (Bitcoin Core Disclosure).

The vulnerability stems from Bitcoin Core's unconditional logging behavior when receiving blocks that fail basic sanity checks or blocks that branch off prior to the last checkpoint. By exploiting this behavior, an attacker could repeatedly send invalid blocks to a victim node, causing the node to continuously log these events and eventually exhaust the available disk space. The issue was assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The impact of this vulnerability is primarily focused on disk space exhaustion, which could lead to denial of service conditions for affected nodes. However, the exploitability is considered limited due to the extended time required to cause significant disk space issues (Bitcoin Core Disclosure).

The vulnerability was fixed in Bitcoin Core version 30.0, released on October 10, 2025. The fix implements log rate-limiting across the board, which prevents this and similar types of log-filling attacks. Users are advised to upgrade to Bitcoin Core version 30.0 or later (Bitcoin Core Release).

The vulnerability was responsibly disclosed by two independent researchers, Niklas Goegge and Eugene Siegel, who also collaborated on developing the fix. Credits were also given to contributor 'practicalswift' for previously raising concerns about disk-filling vectors in Bitcoin Core (Bitcoin Core Disclosure).