Skip to main content

Nshield Hsmi Firmware EUVDEUVD-2025-200260

| CVE-2025-59694 MEDIUM
Improper Access Control for Volatile Memory Containing Boot Code (CWE-1274)
2025-12-02 cve@mitre.org
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 14:04 euvd
EUVD-2025-200260
Analysis Generated
Mar 15, 2026 - 14:04 vuln.today
PoC Detected
Dec 15, 2025 - 13:39 vuln.today
Public exploit code
CVE Published
Dec 02, 2025 - 15:15 nvd
MEDIUM 6.8

DescriptionCVE.org

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.

AnalysisAI

CVE-2025-59694 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-59695 CRITICAL POC
9.8 Dec 02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to a

CVE-2025-59693 CRITICAL POC
9.8 Dec 02

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow

CVE-2025-59703 CRITICAL POC
9.1 Dec 02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker

CVE-2025-59702 HIGH POC
7.2 Dec 02

A privilege escalation vulnerability (CVSS 7.2) that allows a physically proximate attacker with elevated privileges. Ri

CVE-2025-59697 HIGH POC
7.2 Dec 02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker

CVE-2025-59705 MEDIUM POC
6.8 Dec 02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker

CVE-2025-59699 MEDIUM POC
6.8 Dec 02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker

CVE-2025-59698 MEDIUM POC
6.8 Dec 02

CVE-2025-59698 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public

CVE-2025-59704 MEDIUM POC
4.6 Dec 02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the

CVE-2025-59701 MEDIUM POC
4.1 Dec 02

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker

Share

EUVD-2025-200260 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy