Cyber Resilience

CVE-2025-59693

CriticalPublic PoC

Published: 02 December 2025

Published
02 December 2025
Modified
15 December 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0009 26.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59693 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Entrust Nshield 5C Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Volume Access (T1006); ranked at the 26.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without…

more

leaving evidence, and accessing the JTAG connector. This is called F02.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1006 Direct Volume Access Stealth
Adversaries may directly access a volume to bypass file access controls and file system monitoring.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1542.002 Component Firmware Stealth
Adversaries may modify component firmware to persist on systems.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Physical bypass of tamper protections enables direct volume access to unencrypted SSD (T1006), exploitation via JTAG for privilege escalation (T1068), firmware modification on component (T1542.002), tamper log deletion (T1070.004), and disabling security tools (T1562.001).

Affected Assets

entrust
nshield 5c firmware
≤ 13.6.12 · 13.7.3 — 13.9.0
entrust
nshield hsmi firmware
≤ 13.6.12 · 13.7.3 — 13.9.0
entrust
nshield connect xc base firmware
≤ 13.6.12 · 13.7.3 — 13.9.0
entrust
nshield connect xc mid firmware
≤ 13.6.12 · 13.7.3 — 13.9.0
entrust
nshield connect xc high firmware
≤ 13.6.12 · 13.7.3 — 13.9.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-269

Policy addresses roles, responsibilities, and privilege management to prevent improper privilege assignments.

addresses: CWE-269

Access supervision ensures privileges are assigned and managed without improper escalation or retention.

addresses: CWE-269

Assigning group/role memberships and access authorizations (privileges) while reviewing accounts addresses improper privilege management.

addresses: CWE-269

Enforces proper privilege management by requiring all decisions through the verified reference monitor.

addresses: CWE-269

By mandating division of duties across roles, the control enforces proper privilege management and prevents a single entity from controlling an entire sensitive process.

addresses: CWE-269

Implements core proper privilege management by restricting to only required rights.

addresses: CWE-269

Policy requires training on privilege management and least privilege, making it harder to exploit improper privilege management weaknesses.

addresses: CWE-269

Training covers proper privilege management practices, making incorrect privilege assignments less likely.

References