CVE-2025-66017
Published: Nov 25, 2025
Modified: Nov 25, 2025
Description
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces security. cggmp24 version 0.7.0-alpha.2 release contains API changes that make it impossible to use presignatures in contexts in which it reduces security.
| Vendor | Product | Versions |
|---|---|---|
LFDT-Lockness | cggmp21 | affected cggmp21 <= 0.6.3affected cggmp24 = 0.7.0-alpha.1 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now