PT-2025-36104 · Zf Frost

Published: 2025-09-03 · Updated: 2025-09-05 · CVE-2025-58359

CVSS v4.0: 6.0 (Medium)
Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: ZF FROST versions 2.0.0 through 2.1.0

Description: ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). Refreshing shares with a smaller min_signers value in versions 2.0.0 through 2.1.0 can reduce the security of the group. The share refresh functionality in the frost_core::keys::refresh module did not clearly communicate to users that changing min_signers would not decrease the threshold. Attempts to sign with the smaller threshold would fail, but signing with the original threshold would still be possible after refreshing shares with the smaller threshold, potentially leading to a loss of security for participant shares.

Recommendations: Update to version 2.2.0 or later.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2025-58359
GHSA-WGQ8-VR6R-MQXM

Affected Products

Zf Frost