CVE 9.3 CRITICAL

CGGMP24 is missing a check in the ZK proof used in CGGMP21_CVE-2025-66016

November 25, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. This issue has been patched in version 0.6.3, for full mitigation it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2 as it contains more security checks.

AI Analysis

Missing check in ZK proof enables an attack to reconstruct full private key

Basic Information

ID CVE-2025-66016

Source GitHub_M

Published Nov 25, 2025 at 19:48

Modified Nov 25, 2025 at 20:57

Affected Product

Vendor LFDT-Lockness

Product cggmp21

Version < 0.6.3

Affected Versions LFDT-Lockness cggmp21 < 0.6.3

CWE Classification

CWE-345

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor LFDT-Lockness

Product cggmp21

Version < 0.6.3

References

{
    "lastseen": "",
    "description": "CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. This issue has been patched in version 0.6.3, for full mitigation it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2 as it contains more security checks.",
    "published": "2025-11-25T19:48:16.483Z",
    "modified": "2025-11-25T20:57:34.072Z",
    "type": "cve",
    "title": "CGGMP24 is missing a check in the ZK proof used in CGGMP21",
    "source": "GitHub_M",
    "references": "https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889\nhttps://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained",
    "id": "CVE-2025-66016",
    "bulletinFamily": "",
    "cwe": [
        "CWE-345"
    ],
    "cvelist": null,
    "sourceData": "LFDT-Lockness cggmp21 < 0.6.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cggmp21",
    "version": "< 0.6.3",
    "vendor": "LFDT-Lockness",
    "ai_description": "Missing check in ZK proof enables an attack to reconstruct full private key",
    "ai_severity": "Critical",
    "ai_vendor": "LFDT-Lockness",
    "ai_product": "cggmp21",
    "ai_version": "< 0.6.3",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply