CVE
CVE-2025-66016
Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key.
Patches
cggmp21 v0.6.3is a patch release that contains a fix that introduces this specific missing check.- However, we recommend upgrading to
cggmp24 v0.7.0-alpha.2in which we've introduced many other security checks as a precaution. Follow the migration guidelines to upgrade.
References
Read our blog post to learn more.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
9.3
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
C
H
U
9.1
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Related Resources
No items found.
References
https://crates.io/crates/cggmp21, https://rustsec.org/advisories/RUSTSEC-2025-0129.html, https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained
Basic Information
Ecosystem
