CVE-2025-59701

4.1 MEDIUM

📋 TL;DR

This vulnerability allows physically proximate attackers with elevated privileges to read and modify the unencrypted SSD contents of affected Entrust nShield hardware security modules. This affects organizations using nShield Connect XC, nShield 5c, and nShield HSMi devices. The attack requires physical access and administrative privileges.

💻 Affected Systems

Products:
  • Entrust nShield Connect XC
  • Entrust nShield 5c
  • Entrust nShield HSMi
Versions: Through 13.6.11, or 13.7
Operating Systems: HSM firmware/embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the SSD encryption is not enabled by default. Requires physical access to the hardware and elevated privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of cryptographic keys, certificates, and sensitive data stored on the HSM, leading to data breaches, identity theft, and cryptographic system compromise.

🟠 Likely Case

Unauthorized access to sensitive configuration data and cryptographic materials by malicious insiders or attackers who gain physical access to data centers.

🟢 If Mitigated

Limited impact due to physical security controls preventing unauthorized access to hardware and privilege management restricting administrative access.

🌐 Internet-Facing: LOW - This vulnerability requires physical proximity to the hardware and cannot be exploited remotely over the network.
🏢 Internal Only: MEDIUM - While physical access is required, internal threats with data center access and elevated privileges could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical access to the hardware, disassembly or direct connection to the SSD, and elevated privileges on the system. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 13.6.11 and 13.7

Vendor Advisory: https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj

Restart Required: Yes

Instructions:

1. Contact Entrust support for firmware updates.
2. Apply the latest firmware version that addresses SSD encryption.
3. Reboot the HSM device after firmware update.
4. Verify encryption is enabled on the SSD.

🔧 Temporary Workarounds

Enable Physical Security Controls

all

Implement strict physical access controls to prevent unauthorized personnel from accessing HSM hardware.

Restrict Administrative Privileges

all

Limit administrative access to only trusted personnel who require physical access to the hardware.

🧯 If You Can't Patch

  • Implement enhanced physical security measures including locked cabinets, surveillance, and access logs for HSM devices
  • Rotate cryptographic keys and certificates stored on vulnerable HSMs and monitor for unauthorized usage

🔍 How to Verify

Check if Vulnerable:

Check firmware version via HSM management interface or CLI. If version is 13.6.11 or earlier, or exactly 13.7, the system is vulnerable.

Check Version:

Use HSM-specific management commands (varies by model) or check via Entrust nShield management interface

Verify Fix Applied:

Verify firmware version is updated beyond vulnerable versions and confirm SSD encryption is enabled through HSM diagnostic tools.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized physical access logs to server rooms
  • HSM firmware modification attempts
  • Unexpected HSM reboots or maintenance events

Network Indicators:

  • None - this is a physical access vulnerability

SIEM Query:

Search for physical access control system alerts showing unauthorized entry to HSM locations, combined with HSM administrative activity logs
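
One way to express the correlation described above, as an added example that is not vendor or Entrust code: it flags watched HSM events that follow a suspicious door event at the same location within a time window. The event sources, field names, event values and the 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names and values are assumptions,
# not an Entrust or access-control vendor log format.
DOOR_EVENTS = [
    {"ts": "2025-01-10T02:14:00", "location": "dc1-cage-4", "badge": "B-1042", "result": "denied"},
    {"ts": "2025-01-10T02:16:30", "location": "dc1-cage-4", "badge": "B-1042", "result": "forced_open"},
    {"ts": "2025-01-10T09:00:00", "location": "dc1-cage-4", "badge": "B-2001", "result": "granted"},
    {"ts": "2025-01-11T03:00:00", "location": "dc2-cage-1", "badge": "B-3000", "result": "denied"},
]
HSM_EVENTS = [
    {"ts": "2025-01-10T02:31:00", "hsm": "hsm-a", "location": "dc1-cage-4", "event": "unexpected_reboot"},
    {"ts": "2025-01-10T09:05:00", "hsm": "hsm-a", "location": "dc1-cage-4", "event": "admin_login"},
    {"ts": "2025-01-10T14:00:00", "hsm": "hsm-b", "location": "dc2-cage-1", "event": "firmware_change"},
]

# Door results treated as unauthorized entry (assumed values).
SUSPICIOUS_DOOR = {"denied", "forced_open"}
# HSM events matching the log indicators listed above (assumed values).
WATCHED_HSM = {"unexpected_reboot", "firmware_change", "maintenance_mode", "admin_login"}


def correlate(door_events, hsm_events, window=timedelta(minutes=30)):
    """Return watched HSM events that occur within `window` after a
    suspicious door event at the same location."""
    suspicious = [(datetime.fromisoformat(d["ts"]), d)
                  for d in door_events if d["result"] in SUSPICIOUS_DOOR]
    alerts = []
    for h in hsm_events:
        if h["event"] not in WATCHED_HSM:
            continue
        h_ts = datetime.fromisoformat(h["ts"])
        # Only door events that precede the HSM event count as triggers.
        triggers = [d for d_ts, d in suspicious
                    if d["location"] == h["location"]
                    and timedelta(0) <= h_ts - d_ts <= window]
        if triggers:
            alerts.append({"hsm": h["hsm"], "event": h["event"], "ts": h["ts"],
                           "door_events": [(d["ts"], d["result"], d["badge"]) for d in triggers]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(DOOR_EVENTS, HSM_EVENTS):
        print(alert)
```

Because removing or imaging an SSD may take longer than a short window, widen `window` to match how long an HSM can plausibly be out of sight at your site.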
