CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1120 vulnerabilities reference this CWE, most recent first.
GHSA-M3WG-2CH3-59M2
Vulnerability from github – Published: 2026-05-27 09:31 – Updated: 2026-05-27 09:31The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control.
{
"affected": [],
"aliases": [
"CVE-2025-41669"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T08:16:39Z",
"severity": "HIGH"
},
"details": "The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control.",
"id": "GHSA-m3wg-2ch3-59m2",
"modified": "2026-05-27T09:31:14Z",
"published": "2026-05-27T09:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41669"
},
{
"type": "WEB",
"url": "https://www.certvde.com/en/advisories/VDE-2026-050"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M429-FHMV-C6Q2
Vulnerability from github – Published: 2021-04-20 16:44 – Updated: 2024-11-18 16:26A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0a1"
},
{
"fixed": "2.8.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0a1"
},
{
"fixed": "2.9.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-14365"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-02T22:49:57Z",
"nvd_published_at": "2020-09-23T13:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when `disable_gpg_check` is set to `False`, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.",
"id": "GHSA-m429-fhmv-c6q2",
"modified": "2024-11-18T16:26:11Z",
"published": "2021-04-20T16:44:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14365"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869154"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-m429-fhmv-c6q2"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Improper Verification of Cryptographic Signature in ansible"
}
GHSA-M48H-73H7-3CHF
Vulnerability from github – Published: 2025-04-30 18:31 – Updated: 2025-04-30 18:31Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-33074"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-30T18:15:47Z",
"severity": "HIGH"
},
"details": "Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.",
"id": "GHSA-m48h-73h7-3chf",
"modified": "2025-04-30T18:31:55Z",
"published": "2025-04-30T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33074"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33074"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M5HR-8XHP-QGX7
Vulnerability from github – Published: 2024-09-28 09:30 – Updated: 2024-09-28 09:30Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
Was ZDI-CAN-23102
{
"affected": [],
"aliases": [
"CVE-2024-23960"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-28T07:15:03Z",
"severity": "MODERATE"
},
"details": "Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\n\nWas ZDI-CAN-23102",
"id": "GHSA-m5hr-8xhp-qgx7",
"modified": "2024-09-28T09:30:44Z",
"published": "2024-09-28T09:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23960"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-845"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M5M3-46GJ-WCH8
Vulnerability from github – Published: 2022-10-06 19:54 – Updated: 2023-01-10 16:09Impact
The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.
Patches
A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade.
The patch is commit https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa
Workarounds
Users may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.
References
For more information
If you have any questions or comments about this advisory:
- Open an issue in github.com/sylabs/sif
- Email us at security@sylabs.io
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/sylabs/sif/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39237"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-06T19:54:55Z",
"nvd_published_at": "2022-10-06T18:16:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe `github.com/sylabs/sif/v2/pkg/integrity` package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.\n\n### Patches\n\nA patch is available in version \u003e= v2.8.1 of the module. Users are encouraged to upgrade.\n\nThe patch is commit https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa\n\n### Workarounds\n\nUsers may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.\n\n### References\n\n* [CVE-2004-2761](https://nvd.nist.gov/vuln/detail/cve-2004-2761)\n* [CVE-2005-4900](https://nvd.nist.gov/vuln/detail/cve-2005-4900)\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [github.com/sylabs/sif](https://github.com/sylabs/sif/issues/new)\n* Email us at [security@sylabs.io](mailto:security@sylabs.io)",
"id": "GHSA-m5m3-46gj-wch8",
"modified": "2023-01-10T16:09:12Z",
"published": "2022-10-06T19:54:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39237"
},
{
"type": "WEB",
"url": "https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa"
},
{
"type": "PACKAGE",
"url": "https://github.com/sylabs/sif"
},
{
"type": "WEB",
"url": "https://github.com/sylabs/sif/releases/tag/v2.8.1"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-2761"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4900"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-1045"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "SIF\u0027s Digital Signature Hash Algorithms Not Validated"
}
GHSA-M82C-5HPW-48F7
Vulnerability from github – Published: 2023-07-20 18:33 – Updated: 2024-04-04 06:17A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
{
"affected": [],
"aliases": [
"CVE-2023-3347"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-20T15:15:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Samba\u0027s SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured \"server signing = required\" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.",
"id": "GHSA-m82c-5hpw-48f7",
"modified": "2024-04-04T06:17:50Z",
"published": "2023-07-20T18:33:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:4325"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:4328"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-3347"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222792"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230731-0010"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5477"
},
{
"type": "WEB",
"url": "https://www.samba.org/samba/security/CVE-2023-3347.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M837-G268-MMV7
Vulnerability from github – Published: 2025-07-25 14:08 – Updated: 2025-07-25 14:08Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature.
This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username.
To conduct the attack an attacker would need a validly signed document from the identity provider (IdP).
In fixing this we upgraded xml-crypto to v6.1.2 and made sure to process the SAML assertions from only verified/authenticated contents. This will prevent future variants from coming up.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.0.1"
},
"package": {
"ecosystem": "npm",
"name": "@node-saml/node-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54369"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-347",
"CWE-87"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-25T14:08:50Z",
"nvd_published_at": "2025-07-24T23:15:26Z",
"severity": "CRITICAL"
},
"details": "Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. \n\nThis allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username.\n\nTo conduct the attack an attacker would need a validly signed document from the identity provider (IdP).\n\nIn fixing this we upgraded xml-crypto to v6.1.2 and made sure to process the SAML assertions from only verified/authenticated contents. This will prevent future variants from coming up.",
"id": "GHSA-m837-g268-mmv7",
"modified": "2025-07-25T14:08:50Z",
"published": "2025-07-25T14:08:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54369"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10"
},
{
"type": "PACKAGE",
"url": "https://github.com/node-saml/node-saml"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Node-SAML SAML Authentication Bypass"
}
GHSA-M92X-373G-XC36
Vulnerability from github – Published: 2022-02-10 00:01 – Updated: 2022-02-10 00:01The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
{
"affected": [],
"aliases": [
"CVE-2020-16154"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-13T17:15:00Z",
"severity": "HIGH"
},
"details": "The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.",
"id": "GHSA-m92x-373g-xc36",
"modified": "2022-02-10T00:01:23Z",
"published": "2022-02-10T00:01:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16154"
},
{
"type": "WEB",
"url": "https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW"
},
{
"type": "WEB",
"url": "https://metacpan.org/pod/App::cpanminus"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M93H-GJV2-FMQ2
Vulnerability from github – Published: 2026-06-12 18:32 – Updated: 2026-06-29 21:31SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
{
"affected": [],
"aliases": [
"CVE-2026-48558"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-12T18:16:35Z",
"severity": "CRITICAL"
},
"details": "SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.",
"id": "GHSA-m93h-gjv2-fmq2",
"modified": "2026-06-29T21:31:55Z",
"published": "2026-06-12T18:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48558"
},
{
"type": "WEB",
"url": "https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain"
},
{
"type": "WEB",
"url": "https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs"
},
{
"type": "WEB",
"url": "https://simple-help.com/release-news"
},
{
"type": "WEB",
"url": "https://simple-help.com/security/simplehelp-security-update-2026-05"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48558"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M95P-425X-X889
Vulnerability from github – Published: 2025-11-25 20:41 – Updated: 2025-11-27 08:59Impact
cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key.
Patches
cggmp21 v0.6.3is a patch release that contains a fix that introduces this specific missing check- However, cggmp21 recommends upgrading to
cggmp24 v0.7.0-alpha.2which contains many other security checks as a precaution. Follow migration guideline to upgrade.
Workarounds
Update to cggmp21 v0.6.3, a minor release that contains a minimal security patch.
However, for full mitigation, users will need to upgrade to cggmp24 v0.7.0-alpha.2 as it contains many more security check implementations.
Resources
Read this blog post to learn more.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "cggmp21"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "cggmp24"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.0-alpha.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66016"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-25T20:41:04Z",
"nvd_published_at": "2025-11-25T20:16:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\ncggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key.\n\n### Patches\n* `cggmp21 v0.6.3` is a patch release that contains a fix that introduces this specific missing check\n* However, cggmp21 recommends upgrading to `cggmp24 v0.7.0-alpha.2` which contains many other security checks as a precaution. Follow [migration guideline](https://github.com/LFDT-Lockness/cggmp21/blob/v0.7.0-alpha.2/CGGMP21_MIGRATION.md) to upgrade.\n\n### Workarounds\nUpdate to `cggmp21 v0.6.3`, a minor release that contains a minimal security patch.\n\nHowever, for full mitigation, users will need to upgrade to `cggmp24 v0.7.0-alpha.2` as it contains many more security check implementations.\n\n### Resources\nRead this [blog post](https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained) to learn more.",
"id": "GHSA-m95p-425x-x889",
"modified": "2025-11-27T08:59:47Z",
"published": "2025-11-25T20:41:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66016"
},
{
"type": "WEB",
"url": "https://github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72"
},
{
"type": "PACKAGE",
"url": "https://github.com/LFDT-Lockness/cggmp21"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0129.html"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0130.html"
},
{
"type": "WEB",
"url": "https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "cggmp21 has a missing check in the ZK proof used in CGGMP21"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.