How to fix CVE-2025-59703?

Within 24 hours: Inventory all affected Entrust HSM models and versions in your environment; restrict physical access to HSM devices to authorized personnel only and implement continuous monitoring. Within 7 days: Contact Entrust support for patch timelines and interim guidance; assess whether devices are in physically secure locations (locked server rooms, cages) and document current access controls. Within 30 days: Develop a phased upgrade plan once patches are released; consider deploying additional environmental controls such as CCTV monitoring, access logs, and intrusion detection for HSM locations; evaluate whether key rotation or re-issuance is needed depending on your threat model and regulatory requirements.

Is Nshield Connect Xc Base Firmware affected by CVE-2025-59703?

Entrust HSM appliances (nShield Connect XC, nShield 5c, nShield HSMi up to versions 13.6.11/13.7) contain a critical physical tampering vulnerability allowing attackers with direct device access to extract cryptographic keys without detection.

CVE-2025-59703

EUVD-2025-200272 CRITICAL

2025-12-02 [email protected]

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200272

PoC Detected

Dec 08, 2025 - 19:39 vuln.today

Public exploit code

CVE Published

Dec 02, 2025 - 16:15 nvd

CRITICAL 9.1

Description

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.

Analysis

Technical Context

This vulnerability is classified as Improper Access Control (CWE-284).

Affected Products

Affected products: Entrust Nshield 5C Firmware, Entrust Nshield Hsmi Firmware, Entrust Nshield Connect Xc Base Firmware

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +46

POC: +20

CVE-2025-59703 vulnerability details – vuln.today

Back

CVE-2025-59703

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-59703

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code