CVE-2025-66016

Critical CVSS: 9.3

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. This issue has been patched in version 0.6.3, for full mitigation it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2 as it contains more security checks.

Vendor

Product

CWE

CWE-345

Yayın Tarihi

2025-11-25 20:16:00

Güncelleme

2025-11-25 22:16:16

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-345 CRITICAL 2025

Referanslar

https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889 https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained