{"id":"RUSTSEC-2025-0129","summary":"Missing check in ZK proof in CGGMP21 Threshold Signing Protocol","details":"The vulnerability concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full private key.\n\n### Patches\n* `cggmp21 v0.6.3` is a patch release that contains a fix that introduces this specific missing check.\n* However, we recommend upgrading to `cggmp24 v0.7.0-alpha.2` in which we've introduced many other security checks as a precaution. Follow the [migration guidelines](https://github.com/LFDT-Lockness/cggmp21/blob/v0.7.0-alpha.2/CGGMP21_MIGRATION.md) to upgrade.\n\n### References\nRead our [blog post](https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained) to learn more.","aliases":["CVE-2025-66016","GHSA-m95p-425x-x889","RUSTSEC-2025-0130"],"modified":"2025-11-26T06:15:27.498116Z","published":"2025-11-24T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/cggmp21"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0129.html"},{"type":"WEB","url":"https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained"}],"affected":[{"package":{"name":"cggmp21","ecosystem":"crates.io","purl":"pkg:cargo/cggmp21"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.6.3"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"functions":[],"os":[]}},"database_specific":{"cvss":null,"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0129.json","categories":["crypto-failure"]}}],"schema_version":"1.7.3"}