CVE-2025-59698 identifies a security vulnerability in Entrust nShield hardware security modules (HSMs), specifically the Connect XC, 5c, and HSMi models up to firmware versions 13.6.11 or 13.7. The flaw involves unauthorized access to the legacy bootloader, which is no longer supported (EOL) but remains present on the devices. The bootloader is a critical component responsible for initializing the device and loading the main firmware. If an attacker gains access to this bootloader, they could potentially bypass secure boot mechanisms, manipulate firmware loading, or extract sensitive cryptographic material stored within the HSM. The attack requires physical proximity, meaning the attacker must have direct access to the device hardware, which limits the attack surface but does not eliminate risk in environments where physical security is weak. No public exploits or active attacks have been reported, and no CVSS score has been assigned yet. The vulnerability highlights the risks associated with legacy components within security-critical hardware and underscores the importance of physical security controls. Since these HSMs are widely used for cryptographic key management in sectors such as finance, government, and critical infrastructure, exploitation could lead to severe breaches of confidentiality and integrity of cryptographic operations.

For European organizations, the impact of this vulnerability could be significant, especially for those relying on Entrust nShield HSMs to protect cryptographic keys and perform secure cryptographic operations. Successful exploitation could allow attackers to bypass hardware-enforced security boundaries, potentially leading to unauthorized key extraction, firmware tampering, or persistent compromise of cryptographic functions. This could undermine the trustworthiness of digital signatures, encryption, and authentication processes, affecting data confidentiality and integrity. Sectors such as banking, government agencies, telecommunications, and critical infrastructure operators are particularly at risk. The requirement for physical access reduces the likelihood of widespread remote attacks but increases the importance of physical security controls. Additionally, the presence of an EOL legacy bootloader suggests that these devices may not receive further security updates, increasing long-term risk if devices remain in use without replacement or mitigation.

European organizations should implement strict physical security measures around Entrust nShield HSMs, including controlled access to server rooms and hardware, surveillance, and tamper-evident seals. They should audit and monitor physical access logs regularly. Organizations must consult Entrust for any available firmware updates or security advisories addressing this vulnerability or consider upgrading to newer HSM models without legacy bootloader components. Network segmentation and limiting administrative access to HSM management interfaces can reduce attack vectors. Additionally, organizations should conduct risk assessments to evaluate the continued use of affected HSMs and plan for hardware replacement if necessary. Incident response plans should include procedures for suspected physical tampering. Finally, organizations should ensure that cryptographic keys are rotated regularly and that backup keys are stored securely to limit exposure in case of compromise.