← back
CVE-2025-59693

CVE-2025-59693

CVSS 9.8 CRITICALEPSS 0.7%CWE-269
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwjhttps://www.entrust.com/use-case/why-use-an-hsm