CVE-2025-66016

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions CGGMP24 versions prior to 0.6.3 CGGMP24 version 0.6.3 CGGMP24 versions 0.6.3 through 0.7.0-alpha.2

Description A missing check in the ZK proof allows a single malicious signer to reconstruct the full private key. The issue was addressed with a fix in version 0.6.3. Upgrading to version 0.7.0-alpha.2 is recommended as it includes additional security checks.

Recommendations Versions prior to 0.6.3 should be upgraded to version 0.6.3 or later. Version 0.6.3 should be upgraded to version 0.7.0-alpha.2 for enhanced security.

Exploit

Fix

Insufficient Verification of Data Authenticity

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-347

Related Identifiers

CVE-2025-66016

GHSA-M95P-425X-X889

RUSTSEC-2025-0129

RUSTSEC-2025-0130

Affected Products

Cggmp24

CVE-2025-66016

Weakness Enumeration

Related Identifiers

Affected Products

References · 22