CRITICAL🇵🇱 Wersja polska

CVE-2025-59695

CVSS 9.8v3.1pub. 2025-12-02upd. 2025-12-15

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-306 (missing authentication for critical function) involves the Chassis Management Board firmware update mechanism not verifying the identity of the entity initiating the operation. A user with root privileges at the operating system level of the device can directly upload and install modified or malicious firmware on the CMB, bypassing any authorization controls. The manufacturer identifies this vulnerability internally as F04.

Impact

An attacker with root access to the device's operating system can permanently modify CMB firmware, which may lead to complete compromise of HSM module integrity, loss of confidentiality of stored cryptographic keys, and establishment of persistence of malicious code at the hardware level, which is difficult to detect and remove.

Mitigation & patch

Apply patches available from the manufacturer according to the references. As a risk-limiting measure, strictly control and limit root access to the operating system of nShield devices, applying the principle of least privilege and monitoring any attempts to gain administrative access to these devices.

Who is affected

Entrust nShield Connect XC, nShield 5c and nShield HSMi in versions up to 13.6.11 inclusive and 13.7. Affects products: nShield Connect XC Mid, nShield Connect XC Base, nShield Connect XC Base Firmware, nShield HSMi Firmware, nShield HSMi.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Entrust Nshield 5c

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield 5c Firmware

    OS
    Entrust
    < 13.6.1213.7.3 – 13.9.0 (bez)
  • Entrust Nshield Connect Xc Base

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Connect Xc Base Firmware

    OS
    Entrust
    13.7.3 – 13.9.0 (bez)< 13.6.12
  • Entrust Nshield Connect Xc High

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Connect Xc High Firmware

    OS
    Entrust
    < 13.6.1213.7.3 – 13.9.0 (bez)
  • Entrust Nshield Connect Xc Mid

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Connect Xc Mid Firmware

    OS
    Entrust
    13.7.3 – 13.9.0 (bez)< 13.6.12
  • Entrust Nshield Hsmi

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Hsmi Firmware

    OS
    Entrust
    < 13.6.1213.7.3 – 13.9.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-59693CRITICAL9.8PL ✓ten sam produkt

Entrust nShield HSM — privilege escalation przez fizyczny dostęp JTAG

CVE-2025-59703CRITICAL9.1PL ✓ten sam produkt

Entrust nShield HSM: fizyczny dostęp do wnętrza urządzenia bez śladów ingerencji

CVE-2025-59702HIGH7.2ten sam produkt

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...

CVE-2025-59697HIGH7.2ten sam produkt

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...

CVE-2025-59694MEDIUM6.8ten sam produkt

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 1...