CVE-2025-59700 is a vulnerability identified in Entrust nShield hardware security modules (HSMs), specifically the Connect XC, 5c, and HSMi models up to firmware versions 13.6.11 and 13.7. The flaw arises from the absence of integrity protection on the Recovery Partition of these devices. An attacker who has both physical proximity and root-level access to the device can modify this partition. The Recovery Partition typically contains critical recovery and boot code used to restore or maintain the device's secure state. By altering this partition, an attacker could implant persistent malicious code or disrupt the device's secure boot process, undermining the cryptographic assurances the HSM provides. This could lead to unauthorized cryptographic operations, key extraction, or denial of service. The requirement for physical access and root privileges significantly raises the bar for exploitation, making remote attacks infeasible. No CVSS score has been assigned yet, and no exploits have been reported in the wild. The vulnerability was reserved in September 2025 and published in December 2025. Entrust HSMs are widely used in sectors requiring high-assurance cryptographic operations, including financial institutions, government agencies, and critical infrastructure providers.

For European organizations, this vulnerability poses a significant risk to the integrity and trustworthiness of cryptographic operations. HSMs are foundational for securing sensitive data, managing cryptographic keys, and ensuring compliance with regulations such as GDPR and eIDAS. If an attacker with physical access and root privileges modifies the Recovery Partition, they could compromise the device's secure boot and recovery processes, potentially enabling persistent tampering or key compromise. This could lead to unauthorized data decryption, fraudulent transactions, or disruption of critical services. The impact is particularly severe for sectors relying heavily on Entrust HSMs, such as banking, government, telecommunications, and energy. However, the need for physical proximity and root access limits the threat to environments where physical security controls are weak or insider threats exist. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

1. Enforce strict physical security controls around HSM devices to prevent unauthorized physical access. 2. Implement robust access control and monitoring to detect and prevent unauthorized root-level access to HSM management interfaces. 3. Regularly audit and monitor device logs for signs of tampering or unauthorized modifications. 4. Coordinate with Entrust to obtain and apply firmware updates or patches addressing this vulnerability as soon as they become available. 5. Employ hardware tamper-evident seals and intrusion detection mechanisms on HSM devices. 6. Limit the number of personnel with root or administrative privileges and enforce strong authentication methods. 7. Consider deploying additional layers of cryptographic key management and validation to detect anomalies caused by compromised HSM firmware. 8. Develop incident response plans specifically addressing potential HSM compromise scenarios.