Home > Vulnerability Database > CVE-2025-66016

Mend.io Vulnerability Database

CVE-2025-66016

Good to know:

Date: November 25, 2025

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. This issue has been patched in version 0.6.3, for full mitigation it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2 as it contains more security checks.

Severity Score

9.1

Related Resources (10)

Url: https://crates.io/crates/cggmp21

Url: https://rustsec.org/advisories/RUSTSEC-2025-0129.html

Url: https://crates.io/crates/cggmp24

Url: https://github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72

Url: https://rustsec.org/advisories/RUSTSEC-2025-0130.html

Url: https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-66016

Url: https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889

Url: https://github.com/LFDT-Lockness/cggmp21

Url: https://www.mend.io/vulnerability-database/CVE-2025-66016

Severity Score

9.1

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

Upgrade Version

Upgrade to version cggmp21 - 0.7.0-alpha.2

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-66016

Good to know:

Date: November 25, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?