CVE-2025-59697 is a privilege escalation vulnerability affecting Entrust nShield Connect XC, nShield 5c, and nShield HSMi devices running firmware versions up to 13.6.11 and 13.7. The vulnerability arises from the ability of an attacker with physical proximity to modify the Legacy GRUB bootloader configuration on the host operating system. By editing the GRUB configuration, the attacker can configure the system to launch a root shell immediately upon boot, effectively bypassing authentication and gaining full root privileges. This root shell access allows the attacker to compromise the confidentiality and integrity of the cryptographic operations performed by the HSM, potentially exposing sensitive keys and cryptographic material. The attack requires physical access to the device or host system, making remote exploitation infeasible. No public exploits or patches are currently available, and the vulnerability was reserved in September 2025 and published in December 2025. The lack of a CVSS score indicates that the vulnerability is newly disclosed and pending further assessment. The attack leverages a weakness in bootloader security, emphasizing the importance of secure boot mechanisms and physical security controls for critical cryptographic hardware. Organizations using these Entrust HSMs should be aware of the risk of physical tampering leading to full system compromise.

For European organizations, the impact of CVE-2025-59697 is significant due to the critical role Entrust nShield HSMs play in securing cryptographic keys and operations for sectors such as finance, government, telecommunications, and critical infrastructure. Successful exploitation compromises the root of trust by granting attackers root shell access, potentially exposing private keys, signing operations, and encrypted data. This can lead to unauthorized data decryption, fraudulent transactions, and undermining of digital signatures. The physical access requirement limits the scope but does not eliminate risk, especially in environments where physical security may be less stringent or where insider threats exist. The integrity and availability of cryptographic services can also be disrupted, impacting business continuity and regulatory compliance. European organizations must consider the risk of targeted attacks on high-value HSM deployments, particularly in countries with advanced digital economies and critical infrastructure.

1. Enforce strict physical security controls around Entrust nShield HSM devices and their host systems, including locked server rooms, surveillance, and access logging. 2. Implement tamper-evident seals and intrusion detection mechanisms on HSM hardware to detect unauthorized physical access. 3. Monitor and verify the integrity of the GRUB bootloader configuration regularly to detect unauthorized changes. 4. Employ secure boot mechanisms where possible to prevent unauthorized bootloader modifications. 5. Restrict and audit administrative access to systems hosting the HSMs to minimize insider threat risks. 6. Coordinate with Entrust to obtain and apply firmware or software patches addressing this vulnerability once released. 7. Conduct regular security training and awareness for personnel managing physical and logical access to critical cryptographic infrastructure. 8. Consider network segmentation and additional layers of defense to limit attacker movement even if physical access is gained.