CVE-2025-59703

moderate-risk

Published 2025-12-02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (5)

Nshield 5C Firmware

Nshield Hsmi Firmware

Nshield Connect Xc Base Firmware

Nshield Connect Xc Mid Firmware

Nshield Connect Xc High Firmware

Affected Vendors

Entrust

References (2)

Exploit https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-g...

Product https://www.entrust.com/use-case/why-use-an-hsm

/ 100

moderate-risk

Severity 31/34 · Critical

Exploitability 0/34 · Minimal

Exposure 12/34 · Low