CVE-2025-66017: CWE-327: Use of a Broken or Risky Cryptographic Algorithm in LFDT-Lockness cggmp21
CVE-2025-66017 is a high-severity vulnerability in LFDT-Lockness's cggmp21 and cggmp24 cryptographic libraries. The use of presignatures in cggmp21 <= 0.6.3 and cggmp24 0.7.0-alpha.1 significantly reduces the security of the ECDSA threshold signature scheme (TSS) implementation. The weakness is classified as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), although the defect is a risky protocol mode rather than a broken primitive, and it could allow an attacker to compromise signature integrity. The issue is addressed in cggmp24 version 0.7.
AI Analysis
Technical Summary
CVE-2025-66017 is a cryptographic weakness in LFDT-Lockness's cggmp21 and cggmp24 Rust libraries, which implement the CGGMP21 threshold ECDSA protocol. It affects cggmp21 up to and including 0.6.3 and cggmp24 0.7.0-alpha.1. A presignature is the message-independent part of an ECDSA signature (the shared nonce and the r value derived from R = kG) that the signing parties compute ahead of time so that, once a message arrives, each party can finish its share without another interactive round. That optimization changes the threat model: r exists before the message is fixed, and an adversary who learns presignatures before the message is chosen is in a setting where ECDSA is known to be weaker than in ordinary signing. The advisory as summarized here does not describe a concrete attack; the stated consequence is reduced signature unforgeability, which is why CWE-327 was assigned. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) scores the issue as remotely exploitable without privileges or user interaction; in practice an attacker still needs access to presignature material before the message is selected, and how easily that is obtained depends on where a deployment generates, stores and shares presignatures. The impact falls on signature integrity, which authentication, authorization and transaction validation built on ECDSA rely on. cggmp24 0.7.0-alpha.2 addresses the issue with API changes that prevent presignatures from being used insecurely, restoring the protocol's intended security properties. No public exploit has been reported, but the high CVSS score reflects the potential severity if one appears.
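To make the term concrete, here is an added example (not code from cggmp21, cggmp24 or the advisory) of ECDSA split into the same two phases a threshold presignature scheme uses, with a single signer standing in for the quorum and secp256k1 implemented from scratch in Python. It shows the message-independent half (nonce and r) existing before any message is chosen, the one-shot rule a presignature must obey, and, via standard nonce-reuse algebra, what breaks when that rule is violated. The specific security loss behind CVE-2025-66017 is not reproduced, since the advisory as summarized here does not describe it.

```python
# Added example (not cggmp21/cggmp24 code): two-phase "presign / complete" ECDSA over
# secp256k1 in pure Python, to make concrete what a presignature is. A single signer
# stands in for the threshold quorum; the point is the split between the
# message-independent half (nonce k, R = kG, r = R.x mod n) and the message-bound half.
import hashlib
import secrets
from dataclasses import dataclass

# secp256k1: y^2 = x^3 + 7 over GF(P); G has prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication (variable-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

@dataclass
class Presignature:
    """Message-independent half of a signature. r is fixed before any message exists,
    and the object must be consumed exactly once."""
    k: int
    r: int
    used: bool = False

def presign() -> Presignature:
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        if r:
            return Presignature(k, r)

def complete(d: int, pre: Presignature, msg: bytes):
    """Message-bound half: s = k^-1 (h + r d) mod n. Refuses a consumed presignature."""
    if pre.used:
        raise ValueError("presignature already consumed")
    pre.used = True
    s = pow(pre.k, -1, N) * (msg_hash(msg) + pre.r * d) % N
    return (pre.r, s)

def sign(d: int, msg: bytes):
    """Ordinary signing: nonce created and consumed in one call, so nobody sees r first."""
    return complete(d, presign(), msg)

def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    x = ec_add(ec_mul(msg_hash(msg) * w % N, G), ec_mul(r * w % N, pub))
    return x is not None and x[0] % N == r

def recover_key_from_reuse(sig1, msg1: bytes, sig2, msg2: bytes) -> int:
    """Two signatures from one presignature (same k, same r) on different messages leak d.
    Standard nonce-reuse algebra, shown to justify the one-shot rule; not the CVE's attack."""
    (r, s1), (_, s2) = sig1, sig2
    h1, h2 = msg_hash(msg1), msg_hash(msg2)
    k = (h1 - h2) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - h1) * pow(r, -1, N) % N

def demo() -> bool:
    d = secrets.randbelow(N - 1) + 1
    pub = ec_mul(d, G)
    ok_bound = verify(pub, b"pay 10 to alice", sign(d, b"pay 10 to alice"))
    pre = presign()            # r = pre.r is now known before the message is chosen
    sig1 = complete(d, pre, b"pay 10 to bob")
    ok_pre = verify(pub, b"pay 10 to bob", sig1)
    pre.used = False           # bypass the guard to show what it protects against
    sig2 = complete(d, pre, b"pay 10 to carol")
    leaked = recover_key_from_reuse(sig1, b"pay 10 to bob", sig2, b"pay 10 to carol")
    return ok_bound and ok_pre and leaked == d
```

Run `demo()` to exercise both flows; it returns True when the message-bound and presignature-based signatures verify and the bypassed guard leaks the private key. In a real threshold deployment the nonce is shared, so no single party holds k, but the shape of the risk is the same: whatever is fixed before the message is chosen is material an attacker can study in advance.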
Potential Impact
For European organizations the impact can be substantial, especially where cggmp21 or cggmp24 underpins blockchain custody, digital signing, multi-party computation or secure communications. Because the weakness lowers the unforgeability of the threshold signatures, exploitation could yield unauthorized transactions, tampered records or impersonation. Threshold signature schemes are increasingly used for distributed key management in financial services, government and critical infrastructure, so a practical attack would undermine both operational security and regulatory compliance. The CVSS vector records no privilege or user-interaction requirement, which raises the scored exposure. No exploits are known to be active, but the severity and the nature of the flaw justify prompt action; organizations working on blockchain, digital identity or secure messaging in Europe should treat it as a significant threat to their cryptographic security posture.
Mitigation Recommendations
European organizations should first establish whether cggmp21 or cggmp24 appears anywhere in their dependency trees, including transitively through wallet, custody or MPC components. The primary fix is to move to cggmp24 0.7.0-alpha.2 or later, whose API changes prevent insecure presignature use. Where that cannot happen immediately, stop generating presignatures and use the library's regular signing flow, in which the message is supplied before the signing protocol runs; review every code path that creates, stores or transmits presignatures, since each one widens the window in which an attacker could obtain presignature material. Back this with cryptographic code review and tests that fail if the presignature API is reintroduced, and monitor vendor advisories and threat intelligence feeds for emerging exploit details. For critical systems, consider signing in a hardware security module or with an alternative vetted threshold-signature library that does not expose presignatures. Finally, ensure incident response plans cover cryptographic compromise, including how to detect and respond to a signature that verifies but was never authorized, and to suspected key misuse.
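As a starting point for the assessment step, the following added script (not the project's tooling) checks a Cargo.lock against the affected versions listed on this page and flags source lines that touch presignature APIs. The lock file and Rust snippet are constructed for the demo, and the `presig` identifier match is a heuristic assumption about naming, not a documented API list.

```python
# Added example (not the project's tooling): audit a Cargo.lock for the affected
# cggmp21/cggmp24 releases named on this page and grep Rust sources for presignature
# API usage. The lock file and source below are constructed inputs; the identifier
# names matched in the source scan are an assumption, not a documented API list.
import re

# Affected ranges as stated on this page: cggmp21 <= 0.6.3; cggmp24 0.7.0-alpha.1
# (treated here as "anything before the fixed 0.7.0-alpha.2").
FIXED_CGGMP24 = "0.7.0-alpha.2"

def parse_version(v: str):
    """SemVer -> sortable tuple. A release outranks any of its pre-releases; numeric
    pre-release identifiers compare numerically and rank below alphanumeric ones."""
    core, _, _build = v.partition("+")          # build metadata never affects order
    core, _, pre = core.partition("-")
    major, minor, patch = (int(x) for x in core.split("."))
    if pre:
        pre_key = tuple((0, int(t)) if t.isdigit() else (1, t) for t in pre.split("."))
    else:
        pre_key = ((2,),)
    return (major, minor, patch, pre_key)

def is_affected(name: str, version: str) -> bool:
    ver = parse_version(version)
    if name == "cggmp21":
        return ver <= parse_version("0.6.3")
    if name == "cggmp24":
        return ver < parse_version(FIXED_CGGMP24)
    return False

# Cargo.lock stores each dependency as a [[package]] table with name then version.
PKG_RE = re.compile(r'^\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"', re.M)

def audit_lock(lock_text: str):
    """Return [(crate, version, advice)] for every affected crate in a Cargo.lock."""
    advice = f"fix is in cggmp24 {FIXED_CGGMP24} or later; until then avoid the presignature path"
    return [(name, ver, advice) for name, ver in PKG_RE.findall(lock_text)
            if is_affected(name, ver)]

# Heuristic: any identifier containing "presig" (presign, presignature, presig) marks a
# place where a presignature is produced or consumed and needs review.
PRESIG_RE = re.compile(r"presig", re.I)

def find_presignature_uses(source: str):
    """Return 1-based line numbers of source lines that mention presignatures."""
    return [i for i, line in enumerate(source.splitlines(), 1) if PRESIG_RE.search(line)]

# Constructed inputs for the demo (not taken from any real project).
SAMPLE_LOCK = """\
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "cggmp21"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "cggmp24"
version = "0.7.0-alpha.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "generic-ec"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
"""

SAMPLE_RS = """\
use cggmp21::signing;
// fast path: presignatures are generated ahead of time
let presig = signing(eid, i, &parties, &key_share).generate_presignature(&mut rng, party).await?;
let partial = presig.issue_partial_signature(message);
"""

if __name__ == "__main__":
    for crate, ver, advice in audit_lock(SAMPLE_LOCK):
        print(f"{crate} {ver}: affected ({advice})")
    print("presignature usage on lines:", find_presignature_uses(SAMPLE_RS))
```

Point `audit_lock` at the real Cargo.lock of each service and run `find_presignature_uses` over its `.rs` files; a hit in the first list with no hits in the second still warrants the upgrade, since the vulnerable crate remains in the build, but the second list is where the interim "stop using presignatures" mitigation has to be applied.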
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-21T01:08:02.613Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69260c0cffc41f183f7e2ce2
Added to database: 11/25/2025, 8:05:32 PM
Last enriched: 12/2/2025, 8:49:22 PM
Last updated: 1/10/2026, 10:14:36 PM
Views: 96
Related Threats
- CVE-2026-0824: Cross Site Scripting in questdb ui (Medium)
- CVE-2025-13393: CWE-918 Server-Side Request Forgery (SSRF) in marceljm Featured Image from URL (FIFU) (Medium)
- CVE-2025-12379: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in averta Shortcodes and extra features for Phlox theme (Medium)
- CVE-2026-0822: Heap-based Buffer Overflow in quickjs-ng quickjs (Medium)
- CVE-2026-0821: Heap-based Buffer Overflow in quickjs-ng quickjs (Medium)