CVE-2025-58359: frost-core: refresh shares with smaller min_signers will reduce security of group
It was not clear that it is not possible to change min_signers (i.e. the threshold) with the refresh share functionality (frost_core::keys::refresh module). Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after refreshing the shares with a smaller threshold, it would still be possible to sign with the original threshold; however, this could cause a security loss to the participant’s shares. We have not determined the exact security implications of doing so and judged simpler to just validate min_signers.
If for some reason you have done a refresh share procedure with a smaller min_signers we strongly recommend migrating to a new key.
References
- github.com/ZcashFoundation/frost
- github.com/ZcashFoundation/frost/commit/379ef689c733b3d9c80fd409071d4f3af4dafed2
- github.com/ZcashFoundation/frost/releases/tag/frost-core%2Fv2.2.0
- github.com/ZcashFoundation/frost/security/advisories/GHSA-wgq8-vr6r-mqxm
- github.com/advisories/GHSA-wgq8-vr6r-mqxm
- nvd.nist.gov/vuln/detail/CVE-2025-58359
Code Behaviors & Features
Detect and mitigate CVE-2025-58359 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →