Executive Summary

CVE-2025-58359 is a vulnerability in the Rust package "frost-core" versions 2.0.0 through 2.1.0 related to the refresh share functionality. The issue is that the "min_signers" parameter, which sets the signing threshold, cannot be decreased during the refresh process, but this limitation was not clearly communicated to users. Attempts to sign with a smaller threshold than originally set would fail, yet after refreshing shares with a smaller "min_signers" value, it remained possible to sign using the original, higher threshold. This discrepancy can lead to a security degradation of the participant's shares, potentially weakening the security of the group. The vulnerability was fixed in version 2.2.0 by adding validation to prevent lowering the threshold during refresh. [1, 2, 3]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by reducing the security of the threshold signature group. Specifically, if you attempt to refresh shares with a smaller signing threshold (min_signers), the system does not properly enforce this change, allowing signing with the original higher threshold. This inconsistency can lead to a security loss of participant shares, potentially exposing them or weakening the overall security guarantees of the signature scheme. If you have already refreshed shares with a smaller threshold, your group’s security may be compromised, and migrating to a new key is strongly recommended. Users who do not use the refresh share functionality or have not tried to reduce the threshold are not required to update. [1, 2, 3]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability relates to the improper handling of the `min_signers` parameter in the frost_core::keys::refresh module of the frost-core Rust package versions >= 2.0.0 and < 2.2.0. Detection involves checking if your system is using a vulnerable version of frost-core and whether the refresh share functionality was used with a smaller `min_signers` value. There are no specific network or system commands provided to detect this vulnerability directly. Instead, detection requires auditing your usage of the frost-core library, especially if you have performed share refreshes with a smaller threshold. Reviewing your project's dependencies and code for calls to the refresh share functions and verifying the version of frost-core in use is recommended. [1, 3]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately update the frost-core package to version 2.2.0 or later, which includes validation to prevent lowering the `min_signers` threshold during share refresh. If you have already refreshed shares with a smaller `min_signers` value, it is strongly recommended to migrate to a new key, as updating alone does not restore security for those cases. Users who have not used the refresh share functionality or have not attempted to reduce the threshold do not necessarily need to update. Additionally, review your key management practices to ensure no unauthorized threshold changes have occurred. [1, 2]

Useful 0 Not Useful 0