High severityOSV Advisory· Published Nov 25, 2025· Updated Apr 15, 2026
CVE-2025-66017
CVE-2025-66017
Description
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces security. cggmp24 version 0.7.0-alpha.2 release contains API changes that make it impossible to use presignatures in contexts in which it reduces security.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cggmp21crates.io | <= 0.6.3 | — |
cggmp24crates.io | < 0.7.0-alpha.2 | 0.7.0-alpha.2 |
Affected products
3- Range: audit-1, cggmp21-keygen-v0.1.0, cggmp21-keygen-v0.3.1, …
- ghsa-coords2 versions
<= 0.6.3+ 1 more
- (no CPE)range: <= 0.6.3
- (no CPE)range: < 0.7.0-alpha.2
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-8frv-q972-9rq5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-66017ghsaADVISORY
- github.com/LFDT-Lockness/cggmp21/commit/9d98157e151596573cb071da59d27a4e0ac9b8dcghsaWEB
- github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-8frv-q972-9rq5nvdWEB
- rustsec.org/advisories/RUSTSEC-2025-0127.htmlghsaWEB
- rustsec.org/advisories/RUSTSEC-2025-0128.htmlghsaWEB
- www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explainednvdWEB
News mentions
0No linked articles in our index yet.