CVE-2025-59693

CRITICAL

9.8

Description

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie12/2/2025

Derniere modification12/15/2025

Sourcenvd

Observations honeypot0

Produits affectes

entrust:nshield_5centrust:nshield_5c_firmwareentrust:nshield_connect_xc_baseentrust:nshield_connect_xc_base_firmwareentrust:nshield_connect_xc_highentrust:nshield_connect_xc_high_firmwareentrust:nshield_connect_xc_midentrust:nshield_connect_xc_mid_firmwareentrust:nshield_hsmientrust:nshield_hsmi_firmware

Faiblesses (CWE)

CWE-269

References

https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj(cve@mitre.org)

https://www.entrust.com/use-case/why-use-an-hsm(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.