CVE-2025-66559

Source
https://cve.org/CVERecord?id=CVE-2025-66559
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66559.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66559
Aliases
  • GHSA-5mxh-r33p-6h5x
Published
2025-12-04T22:23:55.608Z
Modified
2026-03-14T12:46:52.621810Z
Severity
  • 8.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Summary
Taiko Alethia Pacaya inbox verification pointer corruption
Details

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In versions 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., because the cooldown window had not yet passed or the transition was invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. As a result, the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
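The ordering flaw described above, modelled in Python as an added example (not the project's Solidity code). The data layout, hash labels and function names are constructed for illustration, and the fixed ordering shown is one possible correction, not necessarily the project's patch.

```python
# Simplified model of the verification loop (constructed, not the contract source).
# A transition is (parent_hash, block_hash, cooldown_passed); index 0 means "none".

def make_chain():
    # Constructed sample: batch 0 is already verified, batch 1 is verifiable,
    # batch 2 has a matching transition at index 2 that is still in cooldown.
    return {
        "last_verified": 0,
        "batches": [
            {"verified_tid": 1, "ts": {1: ("G", "H0", True)}},
            {"verified_tid": 0, "ts": {1: ("H0", "H1", True)}},
            {"verified_tid": 0, "ts": {1: ("XX", "YY", True), 2: ("H1", "H2", False)}},
        ],
    }

def find_tid(batch, parent_hash):
    # Return the index of the transition that extends parent_hash, or 0.
    for tid, (parent, _block, _cooled) in batch["ts"].items():
        if parent == parent_hash:
            return tid
    return 0

def verify_batches(state, fixed):
    batches = state["batches"]
    batch_id = state["last_verified"]
    tid = batches[batch_id]["verified_tid"]
    block_hash = batches[batch_id]["ts"][tid][1]
    batch_id += 1
    while batch_id < len(batches):
        candidate = find_tid(batches[batch_id], block_hash)
        if not fixed:
            tid = candidate      # flaw: tid advances before the checks below
        if candidate == 0 or not batches[batch_id]["ts"][candidate][2]:
            break                # no transition, or cooldown not yet passed
        tid = candidate          # assumed fix: commit only once the batch verifies
        block_hash = batches[batch_id]["ts"][candidate][1]
        batch_id += 1
    batch_id -= 1
    if batch_id != state["last_verified"]:
        state["last_verified"] = batch_id
        batches[batch_id]["verified_tid"] = tid  # written after the decrement
    return state["last_verified"], batches[batch_id]["verified_tid"]

def pointer_is_consistent(state):
    # Invariant: the verified pointer names a transition stored in that same batch.
    batch = state["batches"][state["last_verified"]]
    return batch["verified_tid"] in batch["ts"]
```

With the flawed ordering, batch 1 is recorded as verified with transition index 2, which exists only in batch 2; the invariant check is the kind of assertion a test suite or monitoring script can run against the verified pointer.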

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66559.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-129"
    ]
}
Affected packages

Git / github.com/taikoxyz/taiko-mono

Affected ranges

Type
GIT
Repo
https://github.com/taikoxyz/taiko-mono
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

blobstorage-v0.*
blobstorage-v0.2.0
branding-v0.*
branding-v0.4.0
bridge-ui-v2.*
bridge-ui-v2.11.0
bridge-ui-v2.12.0
bridge-ui-v2.13.0
bridge-ui-v2.14.0
fork-diff-v0.*
fork-diff-v0.6.1
fork-diff-v0.6.2
fork-diff-v0.6.3
guardian-prover-health-check-ui-v0.*
guardian-prover-health-check-ui-v0.2.0
protocol-v1.*
protocol-v1.10.0
protocol-v1.11.0
protocol-v1.8.0
protocol-v1.9.0
snaefell-ui-v1.*
snaefell-ui-v1.0.0
snaefell-ui-v1.1.0
supplementary-contracts-v1.*
supplementary-contracts-v1.0.0
taiko-alethia-protocol-v1.*
taiko-alethia-protocol-v1.11.0
taiko-alethia-protocol-v1.12.0
taiko-alethia-protocol-v2.*
taiko-alethia-protocol-v2.1.0
taiko-alethia-protocol-v2.2.0
taiko-alethia-protocol-v2.3.0
taiko-client-v0.*
taiko-client-v0.34.1
taiko-client-v0.36.0
taiko-client-v0.37.0
taiko-client-v0.38.0
taiko-client-v0.39.0
taiko-client-v0.39.1
taiko-client-v0.39.2
taiko-client-v0.40.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66559.json"