Critical severity · OSV Advisory · Published Nov 25, 2025 · Updated Apr 15, 2026
CVE-2025-66016
Description
CGGMP24 is a state-of-the-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, a missing check in the ZK proof enables an attack in which a single malicious signer can reconstruct the full private key. This issue has been patched in version 0.6.3; for full mitigation, it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2, as it contains more security checks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cggmp21 (crates.io) | < 0.6.3 | 0.6.3 |
| cggmp24 (crates.io) | < 0.7.0-alpha.2 | 0.7.0-alpha.2 |
Affected products
- Range: audit-1, cggmp21-keygen-v0.1.0, cggmp21-keygen-v0.3.1, …
- ghsa-coords (2 versions)
  - (no CPE) range: < 0.6.3
  - (no CPE) range: < 0.7.0-alpha.2
References
- github.com/advisories/GHSA-m95p-425x-x889 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-66016 (ghsa, ADVISORY)
- github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72 (ghsa, WEB)
- github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889 (nvd, WEB)
- rustsec.org/advisories/RUSTSEC-2025-0129.html (ghsa, WEB)
- rustsec.org/advisories/RUSTSEC-2025-0130.html (ghsa, WEB)
- www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained (nvd, WEB)