How to fix CVE-2025-59697?

Within 24 hours: Inventory all nShield Connect XC, nShield 5c, and nShield HSMi devices running versions 13.6.11 or earlier, or 13.7, and assess physical access controls to HSM locations. Within 7 days: Implement strict physical security measures restricting access to HSM host systems and implement BIOS/firmware password protections where available. Within 30 days: Contact Entrust for patch availability timeline and deployment plan; evaluate alternative HSM vendors or architectural changes if patches remain unavailable for extended periods.

Is Nshield Connect Xc Base Firmware affected by CVE-2025-59697?

Entrust nShield hardware security modules (HSM) are vulnerable to local privilege escalation attacks by physically proximate attackers who can modify bootloader configurations.

CVE-2025-59697

EUVD-2025-200257 HIGH

2025-12-02 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200257

PoC Detected

Dec 08, 2025 - 19:31 vuln.today

Public exploit code

CVE Published

Dec 02, 2025 - 15:15 nvd

HIGH 7.2

Description

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.

Analysis

Technical Context

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Improper Privilege Management (CWE-269).

Affected Products

Affected products: Entrust Nshield 5C Firmware, Entrust Nshield Hsmi Firmware, Entrust Nshield Connect Xc Base Firmware

Remediation

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: +20

CVE-2025-59697 vulnerability details – vuln.today

Back

CVE-2025-59697

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-59697

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code