CVE 9.1 CRITICAL

CVE-2025-59703_CVE-2025-59703

December 3, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.

AI Analysis

Physically Proximate Attack to access internal components without tamper evidence

Basic Information

ID CVE-2025-59703

Source mitre

Published Dec 2, 2025 at 00:00

Modified Dec 3, 2025 at 14:50

Affected Product

Vendor Entrust

Product nShield Connect XC, nShield 5c, nShield HSMi

Version 13.6.11, 13.7

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Entrust

Product nShield Connect XC, nShield 5c, nShield HSMi

Version 13.6.11, 13.7

References

{
    "lastseen": "",
    "description": "Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.",
    "published": "2025-12-02T00:00:00.000Z",
    "modified": "2025-12-03T14:50:00.869Z",
    "type": "cve",
    "title": "CVE-2025-59703",
    "source": "mitre",
    "references": "https://www.entrust.com/use-case/why-use-an-hsm\nhttps://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj",
    "id": "CVE-2025-59703",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "nShield Connect XC, nShield 5c, nShield HSMi",
    "version": "13.6.11, 13.7",
    "vendor": "Entrust",
    "ai_description": "Physically Proximate Attack to access internal components without tamper evidence",
    "ai_severity": "Critical",
    "ai_vendor": "Entrust",
    "ai_product": "nShield Connect XC, nShield 5c, nShield HSMi",
    "ai_version": "13.6.11, 13.7",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply