CVE-2025-59703

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj	Exploit Third Party Advisory
https://www.entrust.com/use-case/why-use-an-hsm	Product

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:entrust:nshield_5c_firmware::::::::
	cpe:2.3:o:entrust:nshield_5c_firmware::::::::

cpe:2.3:h:entrust:nshield_5c:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:entrust:nshield_hsmi_firmware::::::::
	cpe:2.3:o:entrust:nshield_hsmi_firmware::::::::

cpe:2.3:h:entrust:nshield_hsmi:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:entrust:nshield_connect_xc_base_firmware::::::::
	cpe:2.3:o:entrust:nshield_connect_xc_base_firmware::::::::

cpe:2.3:h:entrust:nshield_connect_xc_base:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware::::::::
	cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware::::::::

cpe:2.3:h:entrust:nshield_connect_xc_mid:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:entrust:nshield_connect_xc_high_firmware::::::::
	cpe:2.3:o:entrust:nshield_connect_xc_high_firmware::::::::

cpe:2.3:h:entrust:nshield_connect_xc_high:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-12-02 16:15

Updated : 2025-12-08 19:39

NVD link : CVE-2025-59703

Mitre link : CVE-2025-59703

CVE.ORG link : CVE-2025-59703

JSON object : View

Products Affected

entrust

nshield_connect_xc_mid_firmware
nshield_hsmi
nshield_connect_xc_high_firmware
nshield_5c_firmware
nshield_connect_xc_base
nshield_connect_xc_base_firmware
nshield_connect_xc_high
nshield_hsmi_firmware
nshield_connect_xc_mid
nshield_5c

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-59703", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-12-02T16:15:55.317", "references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.entrust.com/use-case/why-use-an-hsm", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack."}], "lastModified": "2025-12-08T19:39:02.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:entrust:nshield_5c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFB3D135-8EAC-4053-BB94-18D5BBB24AE7", "versionEndExcluding": "13.6.12"}, {"criteria": "cpe:2.3:o:entrust:nshield_5c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED259AB7-BFED-4B97-B455-E1D34730CFFF", "versionEndExcluding": "13.9.0", "versionStartIncluding": "13.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:entrust:nshield_5c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BB0F3F8-F5DE-41CB-B804-BBFB78C6ADEB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:entrust:nshield_hsmi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED3AEBBD-7F75-47F1-8EEA-342BAC9D265E", "versionEndExcluding": "13.6.12"}, {"criteria": "cpe:2.3:o:entrust:nshield_hsmi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7125CC3-3B27-4C90-97DE-51D226FBDC00", "versionEndExcluding": "13.9.0", "versionStartIncluding": "13.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:entrust:nshield_hsmi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7665EE9-9F7F-456F-B172-ED188DD3BAD4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:entrust:nshield_connect_xc_base_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F73858FD-5FE6-4AFA-84F2-E19743E9D900", "versionEndExcluding": "13.6.12"}, {"criteria": "cpe:2.3:o:entrust:nshield_connect_xc_base_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01CDF5EE-9059-478A-BFE5-D7ADEF9625C4", "versionEndExcluding": "13.9.0", "versionStartIncluding": "13.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:entrust:nshield_connect_xc_base:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18FCA0E9-EEA9-40EC-9E0F-942F049D2354"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A54F973-25D8-468D-B6A4-240A95D94A0B", "versionEndExcluding": "13.6.12"}, {"criteria": "cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E43D1A7-9CB7-479D-89A9-D5041BB212A4", "versionEndExcluding": "13.9.0", "versionStartIncluding": "13.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:entrust:nshield_connect_xc_mid:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB0ACAD9-BBCE-43CC-BD84-2023885725EE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:entrust:nshield_connect_xc_high_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC11D8B-D72E-4CE9-AE61-AEA85F122F22", "versionEndExcluding": "13.6.12"}, {"criteria": "cpe:2.3:o:entrust:nshield_connect_xc_high_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D7048C8-EB43-4F23-8946-456EF6F3A1B7", "versionEndExcluding": "13.9.0", "versionStartIncluding": "13.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:entrust:nshield_connect_xc_high:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F0EDB1F-932B-4EC5-9D09-03CAD98BC2FA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}