CVE-2025-66016: cggmp21 has a missing check in the ZK proof used in CGGMP21
(updated )
cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key.
References
- github.com/LFDT-Lockness/cggmp21
- github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72
- github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889
- github.com/advisories/GHSA-m95p-425x-x889
- nvd.nist.gov/vuln/detail/CVE-2025-66016
- rustsec.org/advisories/RUSTSEC-2025-0129.html
- rustsec.org/advisories/RUSTSEC-2025-0130.html
- www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained
Code Behaviors & Features
Detect and mitigate CVE-2025-66016 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →