CVE-2025-59698: n/a
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
AI Analysis
Technical Summary
CVE-2025-59698 is a vulnerability identified in Entrust nShield hardware security modules (HSMs), specifically the Connect XC, 5c, and HSMi models up to firmware versions 13.6.11 and 13.7. The issue lies in the exposure of the legacy bootloader, which is no longer supported (end-of-life) but remains accessible under certain conditions. A physically proximate attacker can exploit this vulnerability without requiring authentication or user interaction, by gaining direct physical access to the device. The legacy bootloader could allow the attacker to bypass security controls, potentially extracting sensitive cryptographic keys or manipulating cryptographic operations, thereby compromising confidentiality, integrity, and availability of protected data and services. The CVSS 3.1 base score is 6.8, reflecting medium severity, with attack vector classified as physical (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits have been reported in the wild and no patches have been released, the vulnerability represents a significant risk to environments relying on these HSMs for secure key management. The weakness is categorized under CWE-1270, which relates to improper protection of legacy components. The vulnerability underscores the importance of securing physical access to cryptographic hardware and updating or replacing devices that contain legacy components with known weaknesses.
Potential Impact
For European organizations, this vulnerability poses a substantial risk to entities that depend on Entrust nShield HSMs for critical cryptographic operations, such as financial institutions, government agencies, and critical infrastructure providers. If exploited, attackers with physical access could extract cryptographic keys or manipulate cryptographic processes, leading to data breaches, unauthorized transactions, or disruption of secure communications. This could undermine trust in digital services, cause regulatory compliance violations (e.g., GDPR), and result in financial and reputational damage. The physical access requirement limits the attack scope to environments where attackers can get close to the hardware, such as data centers, branch offices, or poorly secured facilities. However, insider threats or sophisticated adversaries targeting high-value assets could leverage this vulnerability. The lack of available patches means organizations must rely on physical security controls and operational mitigations until a vendor fix is released. The impact is particularly critical for sectors with stringent security requirements and high-value cryptographic assets.
Mitigation Recommendations
1. Enforce strict physical security controls around all Entrust nShield HSM devices, including locked server rooms, surveillance, and access logging.
2. Implement tamper-evident seals and regular physical inspections to detect unauthorized access attempts.
3. Limit personnel with physical access to trusted and trained staff only.
4. Monitor device logs and environmental sensors for signs of tampering or unusual activity.
5. Develop and test incident response plans specific to hardware security breaches.
6. Engage with Entrust to obtain information on forthcoming patches or firmware updates addressing this vulnerability.
7. Plan for hardware upgrades or replacements to versions not affected by this vulnerability, especially for devices running legacy bootloaders.
8. Consider deploying additional layers of cryptographic key protection, such as multi-factor authentication for key usage or key splitting, to reduce risk if keys are exposed.
9. Review and update asset inventories to identify all affected devices and prioritize remediation efforts.
10. Educate staff about the risks of physical attacks on cryptographic hardware and the importance of vigilance.
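One way to carry out the inventory review in recommendation 9, as an added example that is not part of the original advisory or any Entrust tooling. The CSV columns, hostnames, sites and firmware strings are constructed sample data, and reading "13.7" as any 13.7.x release is an assumption.

```python
import csv
import io

# Models and version bounds as named in the advisory text.
AFFECTED_MODELS = {"nshield connect xc", "nshield 5c", "nshield hsmi"}
MAX_13_6 = (13, 6, 11)  # "through 13.6.11"

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """hostname,model,firmware,site
hsm-fra-01,nShield Connect XC,12.80.4,Frankfurt
hsm-fra-02,nShield 5c,13.6.11,Frankfurt
hsm-lon-01,nShield 5c,13.7.3,London
hsm-ams-01,nShield HSMi,13.6.12,Amsterdam
hsm-ams-02,nShield  Connect XC,unknown,Amsterdam
hsm-sto-01,nShield Solo XC,13.6.8,Stockholm
"""


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it cannot be parsed."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except ValueError:
        return None


def classify(model, firmware):
    # Normalise case and repeated spaces before matching the model name.
    if " ".join(model.lower().split()) not in AFFECTED_MODELS:
        return "model-not-listed"
    version = parse_version(firmware)
    if version is None:
        return "review"  # listed model, unknown firmware: check the device by hand
    # Assumption: "13.7" covers every 13.7.x build.
    if version[:2] == (13, 7) or version <= MAX_13_6:
        return "affected"
    return "version-not-listed"


def triage(csv_text):
    """Map each hostname in the inventory to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked `review` are listed models with unreadable firmware strings and should be treated as affected until the version is confirmed on the device.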
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692efeb83a1612a93738c05f
Added to database: 12/2/2025, 2:59:04 PM
Last enriched: 12/9/2025, 4:47:16 PM
Last updated: 1/16/2026, 10:08:25 PM