diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50dfaff4b..0e269a9c6 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 # 🚀Changelog
 -------------------------------------------------------------------------------------------------------------
-# 5.8.25(2024-01-09)
+# 5.8.25(2024-01-11)
 ### 🐣新特性
 * 【core 】 WatchServer新增通过Path获取WatchKey方法(pr#1145@Gitee)
@@ -17,6 +17,7 @@
 * 【core 】 修复金额转换为英文时缺少 trillion 单位问题(pr#3454@Github)
 * 【json 】 增加ParseConfig,通过增加maxNestingDepth参数避免StackOverflowError问题,修复CVE-2022-45688漏洞(issue#2748@Github)
 * 【system】 修复UserInfo中用户名加/问题(pr#3458@Github)
+* 【core 】 修复NumberUtil.toBigDecimal方法报StackOverflowError(CVE-2023-51080)(issue#3423@Github)
 -------------------------------------------------------------------------------------------------------------
 # 5.8.24(2023-12-23)
diff --git a/hutool-core/src/main/java/cn/hutool/core/util/NumberUtil.java b/hutool-core/src/main/java/cn/hutool/core/util/NumberUtil.java
index e5d748821..f99f658f7 100755
--- a/hutool-core/src/main/java/cn/hutool/core/util/NumberUtil.java
+++ b/hutool-core/src/main/java/cn/hutool/core/util/NumberUtil.java
@@ -2153,8 +2153,8 @@ public class NumberUtil {
 if (number instanceof BigDecimal) {
 return toStr((BigDecimal) number, isStripTrailingZeros);
 }
- Assert.isTrue(isValidNumber(number), "Number is non-finite!");
+ // 去掉小数点儿后多余的0
 String string = number.toString();
 if (isStripTrailingZeros) {
@@ -2212,6 +2212,8 @@ public class NumberUtil {
 if (null == number) {
 return BigDecimal.ZERO;
 }
+ // issue#3423@Github of CVE-2023-51080
+ Assert.isTrue(isValidNumber(number), "Number is invalid!");
 if (number instanceof BigDecimal) {
 return (BigDecimal) number;
@@ -2247,7 +2249,8 @@ public class NumberUtil {
 }
 // 支持类似于 1,234.55 格式的数字
- return toBigDecimal(parseNumber(numberStr));
+ final Number number = parseNumber(numberStr);
+ return toBigDecimal(number);
 }
 /**
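Review bot: Dropping `Assert.isTrue(isValidNumber(number), "Number is non-finite!")` from toStr(Number, boolean) is a contract change that neither the changelog entry nor the commit explains: a NaN or infinite Double/Float no longer fails here and instead flows into `number.toString()`, so callers that relied on toStr rejecting non-finite input now get the literal "NaN"/"Infinity" back (what the trailing-zero stripping below does with those strings is outside the hunk). The new guard in toBigDecimal(Number) only protects that conversion path, not string formatting. If the relaxation is intended, record it in the Javadoc of toStr (its start and end lie outside the hunk), e.g. `Non-finite values are rendered as their Double/Float toString() form; use toBigDecimal to reject them`; otherwise keep the assertion alongside the new one.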
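Review bot: The guard added to toBigDecimal(Number) is what terminates the StackOverflowError, but its comment `// issue#3423@Github of CVE-2023-51080` names only the ticket, not the mechanism, so a later refactor could push it below the instanceof chain or drop it without noticing the regression. Suggest `// Reject NaN/Infinity up front: parseNumber("NaN") yields Double.NaN, whose toString() would be re-parsed by the fallback below and recurse back here` (the fallback itself and the end of the method are outside the hunk, so the recursion path is inferred from the hunk at 2247 and the new test). The message "Number is invalid!" would be more useful if it carried the offending value, for example via the templated form of Assert.isTrue if this version of Assert provides one. The hunk at 2247 only splits `parseNumber(numberStr)` into a local and raises no separate point.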
@@ -2269,6 +2272,7 @@ public class NumberUtil {
 return BigInteger.valueOf((Long) number);
 }
+ Assert.isTrue(isValidNumber(number), "Number is invalid!");
 return toBigInteger(number.longValue());
 }
diff --git a/hutool-core/src/test/java/cn/hutool/core/util/Issue3423Test.java b/hutool-core/src/test/java/cn/hutool/core/util/Issue3423Test.java
new file mode 100644
index 000000000..a0f1b087c
--- /dev/null
+++ b/hutool-core/src/test/java/cn/hutool/core/util/Issue3423Test.java
@@ -0,0 +1,24 @@
+package cn.hutool.core.util;
+
+import cn.hutool.core.lang.Console;
+import org.junit.Test;
+
+import java.text.DecimalFormat;
+import java.text.NumberFormat;
+import java.text.ParseException;
+
+public class Issue3423Test {
+
+ @Test(expected = IllegalArgumentException.class)
+ public void toBigDecimalOfNaNTest() {
+ NumberUtil.toBigDecimal("NaN");
+ }
+
+ @Test
+ public void toBigDecimalOfNaNTest2() throws ParseException {
+ final NumberFormat format = NumberFormat.getInstance();
+ ((DecimalFormat) format).setParseBigDecimal(true);
+ final Number naN = format.parse("NaN");
+ Console.log(naN.getClass());
+ }
+}
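Review bot: The guard placed before `return toBigInteger(number.longValue());` in toBigInteger(Number) is narrower than "Number is invalid!" suggests: it only excludes what isValidNumber rejects (presumably NaN and infinite values), while a finite Double or Float beyond the long range still passes and the `longValue()` narrowing silently saturates it to Long.MAX_VALUE or Long.MIN_VALUE. That truncation is pre-existing, but since this commit is hardening exactly this path it is worth either sending floating-point inputs through `return toBigDecimal(number).toBigInteger();`, or documenting the limit with `// only NaN/Infinity are rejected here; finite values outside the long range are clamped by longValue()`. The earlier instanceof branches and the start of the method are outside the hunk, so which types actually reach this line is inferred.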
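Review bot: toBigDecimalOfNaNTest2 asserts nothing — `Console.log(naN.getClass());` merely prints the class, so the test passes no matter what parse() returns and does not pin the behaviour the fix depends on (that NumberFormat hands back a Double for "NaN" even with setParseBigDecimal(true), which is what makes the recursion possible). Replace the log with `org.junit.Assert.assertTrue(naN instanceof Double);` and `org.junit.Assert.assertTrue(Double.isNaN(naN.doubleValue()));`. `NumberFormat.getInstance()` also uses the default locale, whose NaN symbol is not "NaN" everywhere, so on such a machine parse() throws ParseException and the test fails for an unrelated reason; use `NumberFormat.getInstance(Locale.US)` (java.util.Locale). Finally, the guard this commit adds to toBigInteger(Number), and the "Infinity"/"-Infinity" inputs, have no coverage at all — add e.g. `@Test(expected = IllegalArgumentException.class) public void toBigIntegerOfNaNTest() { NumberUtil.toBigInteger(Double.NaN); }`, assuming a Double reaches the new assertion there.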