CVE-2025-66559

EUVD-2025-201290 | HIGH 8.0 (CVSS 4.0)
2025-12-04 [email protected]

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 16:35 (euvd), EUVD-2025-201290
Analysis Generated: Mar 15, 2026 - 16:35 (vuln.today)
CVE Published: Dec 04, 2025 - 23:15 (nvd), HIGH 8.0

Description (NVD)

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
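
The pointer corruption described above, as an added Python model (not Taiko's Solidity code and not the project's patch). The data layout, the names verify_batches, find_tid and commit_early, and the sample chain are assumptions constructed for illustration; commit_early=True reproduces the described early update of tid, and commit_early=False shows one way to defer it until the batch has passed its checks.

```python
from dataclasses import dataclass

@dataclass
class Transition:
    parent_hash: str
    block_hash: str
    cooled_down: bool = True   # assumed stand-in for the cooldown-window check

@dataclass
class Batch:
    transitions: dict          # tid -> Transition; tid 0 means "none"
    verified_tid: int = 0

def find_tid(batch, parent_hash):
    """Return the tid whose parent matches, or 0 when nothing matches."""
    return next((t for t, ts in batch.transitions.items()
                 if ts.parent_hash == parent_hash), 0)

def verify_batches(batches, last_verified, commit_early):
    batch_id = last_verified
    tid = batches[batch_id].verified_tid
    block_hash = batches[batch_id].transitions[tid].block_hash
    batch_id += 1
    while batch_id < len(batches):
        candidate = find_tid(batches[batch_id], block_hash)
        if commit_early:
            tid = candidate    # flaw: tid advanced before the batch is known to verify
        ts = batches[batch_id].transitions.get(candidate)
        if ts is None or not ts.cooled_down:
            break              # loop stops; this batch was NOT verified
        tid = candidate        # safe point: the batch passed every check
        block_hash = ts.block_hash
        batch_id += 1
    batch_id -= 1              # step back to the last batch that did verify
    batches[batch_id].verified_tid = tid
    return batch_id, tid

def sample_chain(next_batch_transitions):
    """Constructed data: batch 0 is verified at tid 2; batch 1 is pending."""
    verified = Batch({1: Transition("p", "stale"), 2: Transition("p", "h0")},
                     verified_tid=2)
    return [verified, Batch(next_batch_transitions)]

def demo(commit_early, next_batch_transitions):
    """Run one verification pass and return batch 0's stored pointer."""
    batches = sample_chain(next_batch_transitions)
    verify_batches(batches, 0, commit_early)
    return batches[0].verified_tid
```

An invariant worth checking in monitoring or tests: verifiedTransitionId of the last verified batch must index a transition that belongs to that same batch and must not change during a pass that verifies nothing.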

Analysis (AI)

A security vulnerability in Taiko Alethia (CVSS 8.0). High severity vulnerability requiring prompt remediation.

Technical Context (AI)

CWE-129 (Improper Validation of Array Index). CVSS 8.0 indicates high severity. Affects Taiko Alethia.

Remediation (AI)

Monitor vendor channels for patch availability.
