CVE-2025-66016
CRITICALcggmp21 < 0.6.3 and cggmp24 < 0.7.0-alpha.2 - Insufficient Verification of Data Authenticity
Title source: llmDescription
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. This issue has been patched in version 0.6.3, for full mitigation it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2 as it contains more security checks.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889
Various Sources x_refsource_misc
https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained
Scores
CVSS v4
9.3
EPSS
0.0017
EPSS Percentile
6.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-345
Status
published
Products (3)
crates.io/cggmp21
0 - 0.6.3crates.io
crates.io/cggmp24
0 - 0.7.0-alpha.2crates.io
LFDT-Lockness/cggmp21
< 0.6.3
Published
Nov 25, 2025
Tracked Since
Feb 18, 2026