How to fix EUVD-2025-200255?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Nshield Connect Xc High Firmware affected by EUVD-2025-200255?

CVE-2025-59699 presents notable security risk rated CVSS 6.8. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2025-200255

| CVE-2025-59699 MEDIUM

2025-12-02 [email protected]

6.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200255

PoC Detected

Dec 08, 2025 - 19:41 vuln.today

Public exploit code

CVE Published

Dec 02, 2025 - 15:15 nvd

MEDIUM 6.8

Description

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.

Analysis

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Authentication Bypass by Spoofing (CWE-290).

Affected Products

Affected products: Entrust Nshield 5C Firmware, Entrust Nshield Hsmi Firmware, Entrust Nshield Connect Xc Base Firmware

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +34

POC: +20

EUVD-2025-200255 vulnerability details – vuln.today

Back

EUVD-2025-200255

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-200255

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code