CVE-2025-66559

216.73.217.22

· Published 04/12/2025 23:15 · Modified 08/12/2025 18:27

Labels: CVE-2025-66559 2025-12-04 CVE-2025-66559 CWE-129 [email protected]

Essential information

Published: 04/12/2025 23:15
Modified: 08/12/2025 18:27
Author: —
Creator: —
CVSS: 8.0 HIGH (v3) 8.0 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

CVE-2025-66559

Essential information

CVSS metrics

Description

NVD status

References