CVE-2025-66017: 
Rust Analyse et atténuation des vulnérabilités

CVE-2025-66017 affects the CGGMP24 ECDSA TSS protocol, specifically impacting versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24. The vulnerability allows presignatures to be used in a way that significantly reduces security in the protocol that supports 1-round signing, identifiable abort, and key refresh functionality (GitHub Advisory, DFNS Article).

The vulnerability manifests in two specific contexts: when presignatures are combined with HD wallets derivation, reducing security level to 85 bits, and when presignatures are used with 'raw signing' where signers sign a hash without knowing the original message. The issue stems from the ability to use Presignature::setderivationpath and Presignature::issuepartialsignature methods in ways that compromise security. The vulnerability has been assigned a CVSS v4.0 score of 8.2 (HIGH) with vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N (DFNS Article).

When exploited, the vulnerability can lead to signature forgery attacks and reduced security levels. In the case of HD wallet derivation, the security level is reduced to 85 bits from the standard 128-bit security level of ECDSA with secp256k1 curve. For raw signing scenarios, attackers can potentially forge signatures for messages that signers never approved (DFNS Article).

The vulnerability has been patched in cggmp24 version 0.7.0-alpha.2, which includes API changes that prevent presignatures from being used in contexts where they could reduce security. Users can either migrate to cggmp24 v0.7.0-alpha.2 (recommended) or continue using unpatched versions while avoiding presignatures in the vulnerable scenarios (GitHub Advisory).