← back
CVE-2025-59694

CVE-2025-59694

CVSS 6.8 MEDIUMEPSS 0.3%CWE-1274
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwjhttps://www.entrust.com/use-case/why-use-an-hsm