CVE-2025-48886

Name of the Vulnerable Software and Affected Versions Hydra versions prior to 0.22.0

Description Hydra is a layer-two scalability solution for Cardano. The issue arises from the assumption of L1 event finality, where the system does not consider failed transactions on the Cardano L1. This makes transactions a target for re-org attacks as soon as they are recognized by node participants. The system's oversight of failed transactions appearing in blocks, due to their infrequency, contributes to the problem.

Recommendations For versions prior to 0.22.0, update to version 0.22.0 to resolve the issue.