CVE-2025-59698
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-08
Assigner: MITRE
Description
Description
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| entrust | nshield_5c_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_5c | * |
| entrust | nshield_hsmi_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_hsmi | * |
| entrust | nshield_connect_xc_base_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_connect_xc_base_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_connect_xc_base | * |
| entrust | nshield_connect_xc_mid_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_connect_xc_mid_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_connect_xc_mid | * |
| entrust | nshield_connect_xc_high_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_connect_xc_high_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_connect_xc_high | * |
| entrust | nshield_5c_firmware | From 13.7 (inc) to 13.9.0 (inc) |
| entrust | nshield_hsmi_firmware | From 13.7 (inc) to 13.9.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1270 | The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect. |
