How to fix EUVD-2025-200257?

Within 24 hours: Inventory all nShield Connect XC, nShield 5c, and nShield HSMi devices running versions 13.6.11 or earlier, or 13.7, and assess physical access controls to HSM locations. Within 7 days: Implement strict physical security measures restricting access to HSM host systems and implement BIOS/firmware password protections where available. Within 30 days: Contact Entrust for patch availability timeline and deployment plan; evaluate alternative HSM vendors or architectural changes if patches remain unavailable for extended periods.

Is Nshield Connect Xc Base Firmware affected by EUVD-2025-200257?

Entrust nShield hardware security modules (HSM) are vulnerable to local privilege escalation attacks by physically proximate attackers who can modify bootloader configurations.

EUVD-2025-200257

| CVE-2025-59697 HIGH

2025-12-02 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200257

PoC Detected

Dec 08, 2025 - 19:31 vuln.today

Public exploit code

CVE Published

Dec 02, 2025 - 15:15 nvd

HIGH 7.2

Description

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.

Analysis

Technical Context

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Improper Privilege Management (CWE-269).

Affected Products

Affected products: Entrust Nshield 5C Firmware, Entrust Nshield Hsmi Firmware, Entrust Nshield Connect Xc Base Firmware

Remediation

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: +20

EUVD-2025-200257 vulnerability details – vuln.today

Back

EUVD-2025-200257

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-200257

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code