CVE-2025-59702

7.2 HIGH

📋 TL;DR

This vulnerability allows a physically proximate attacker with elevated privileges to falsify tamper events on Entrust nShield hardware security modules by accessing internal components. This could undermine the physical security monitoring of these critical cryptographic devices. Affected systems include Entrust nShield Connect XC, nShield 5c, and nShield HSMi devices.

💻 Affected Systems

Products:
  • Entrust nShield Connect XC
  • Entrust nShield 5c
  • Entrust nShield HSMi
Versions: Through 13.6.11, or 13.7
Operating Systems: Not OS-dependent - hardware vulnerability
Default Config Vulnerable: ⚠️ Yes
Notes: Requires physical access to internal components and elevated privileges. Affects hardware security modules used for cryptographic operations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could disable tamper detection mechanisms, allowing undetected physical access to extract cryptographic keys or manipulate hardware, compromising the entire cryptographic infrastructure.

🟠 Likely Case

Malicious insiders or attackers with physical access could bypass tamper-evident features, potentially extracting sensitive cryptographic material without triggering security alerts.

🟢 If Mitigated

With proper physical security controls and access restrictions, the attack surface is significantly reduced, though the vulnerability remains present in the hardware.

🌐 Internet-Facing: LOW - This requires physical proximity and elevated privileges, not network access.
🏢 Internal Only: HIGH - This is an internal physical security vulnerability affecting critical cryptographic hardware.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical access to hardware components and elevated system privileges. The vulnerability is documented in Google's security research advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 13.6.11 and 13.7

Vendor Advisory: https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj

Restart Required: Yes

Instructions:

1. Contact Entrust support for firmware updates.
2. Schedule maintenance window for HSM firmware update.
3. Apply firmware update following vendor instructions.
4. Verify tamper detection functionality post-update.

🔧 Temporary Workarounds

Enhanced Physical Security Controls (applies to: all)

Implement strict physical access controls to prevent unauthorized access to HSM hardware components.

Privilege Access Management (applies to: all)

Restrict administrative privileges to essential personnel only and implement multi-person control for physical access.

🧯 If You Can't Patch

  • Implement enhanced physical security measures including surveillance, access logs, and tamper-evident seals
  • Isolate HSMs in secure locations with strict access controls and multi-person authorization requirements

🔍 How to Verify

Check if Vulnerable:

Check firmware version via HSM management interface or command: nfkminfo -v

Check Version:

nfkminfo -v

Verify Fix Applied:

Verify firmware version is above 13.6.11 or 13.7, and test tamper detection mechanisms

📡 Detection & Monitoring

Log Indicators:

  • Unexpected tamper event logs
  • Physical access logs showing unauthorized entry
  • HSM firmware version matches vulnerable range

Network Indicators:

  • None - this is a physical hardware vulnerability

SIEM Query:

source="hsm_logs" AND (tamper_event="false_positive" OR version="13.6.11" OR version="13.7")
