CVE-2025-59703
Last modified
CVE-2025-59703 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Entrust | Nshield 5c Firmware | < 13.6.12 |
| Entrust | Nshield 5c Firmware | >= 13.7, < 13.9.0 |
| Entrust | Nshield Hsmi Firmware | < 13.6.12 |
| Entrust | Nshield Hsmi Firmware | >= 13.7, < 13.9.0 |
| Entrust | Nshield Connect Xc Base Firmware | < 13.6.12 |
| Entrust | Nshield Connect Xc Base Firmware | >= 13.7, < 13.9.0 |
| Entrust | Nshield Connect Xc Mid Firmware | < 13.6.12 |
| Entrust | Nshield Connect Xc Mid Firmware | >= 13.7, < 13.9.0 |
| Entrust | Nshield Connect Xc High Firmware | < 13.6.12 |
| Entrust | Nshield Connect Xc High Firmware | >= 13.7, < 13.9.0 |
References
- https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwjExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-59703?
How severe is CVE-2025-59703?
How do I fix CVE-2025-59703?
Are you affected by CVE-2025-59703?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST