Vulnerability in Taiko Alethia Rollup Affects Ethereum-based Solutions
CVE-2025-66559

8HIGH

Key Information:

Vendor: Taikoxyz
Status: Taiko-mono
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-66559?

Taiko Alethia, a rollup designed for Ethereum scalability, contains a security flaw in versions 2.3.1 and earlier. The vulnerability arises within the _verifyBatches function where the local transition ID (tid) is updated before confirming the verification of a batch. If a subsequent check fails—such as the cooldown window not being passed or the transaction becoming invalid—the last verified batch could reference a transition ID that is incorrect as it may originate from an unverified upcoming batch. This can lead to corruption of the verified chain pointer, potentially affecting transaction integrity and security within the Ethereum network.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

taiko-mono <= 2.3.1

References

https://github.com/taikoxyz/taiko-mono/security/advisorie...

x_refsource_CONFIRM

https://github.com/taikoxyz/taiko-mono/commit/379f5cb4ffe...

x_refsource_MISC

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Dec 4, 2025

JSON

Taikoxyz

What is CVE-2025-66559?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.