CVE-2025-59702: n/a
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.
AI Analysis
Technical Summary
CVE-2025-59702 is a vulnerability identified in Entrust nShield hardware security modules (HSMs), specifically the Connect XC, 5c, and HSMi models up to firmware versions 13.6.11 and 13.7. The flaw allows an attacker who has both physical proximity and elevated privileges on the device to falsify tamper events by accessing and manipulating internal components of the HSM. Tamper events are security mechanisms designed to detect and respond to unauthorized physical access or tampering attempts, often triggering protective measures such as zeroization of sensitive keys. By falsifying these events, an attacker can potentially bypass or confuse the HSM’s tamper detection, undermining the device’s integrity and security guarantees.
The vulnerability is classified under CWE-284 (Improper Access Control) and CWE-203 (Information Exposure Through Discrepancy), indicating weaknesses in access control and information leakage. The CVSS v3.1 base score is 7.2 (high severity): the attack vector is physical (AV:P), attack complexity is low (AC:L), high privileges are required (PR:H), no user interaction is needed (UI:N), scope is changed (S:C), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means exploitation is feasible with physical access and elevated privileges, and can have widespread impact on the security properties of the HSM and dependent systems.
No public exploits are known at this time, but the vulnerability poses a significant risk to environments relying on these HSMs for cryptographic key protection and secure operations. The lack of available patches at the time of disclosure necessitates immediate compensating controls.
Potential Impact
For European organizations, the impact of this vulnerability is substantial, especially for those in sectors relying heavily on hardware security modules for cryptographic key management, such as financial institutions, government agencies, telecommunications, and critical infrastructure operators. Successful exploitation could lead to falsified tamper alerts, preventing legitimate detection of physical intrusion attempts, and potentially enabling attackers to extract or manipulate cryptographic keys and sensitive data. This compromises confidentiality and integrity of encrypted communications and stored secrets, and may disrupt availability if the HSM’s protective mechanisms are triggered incorrectly or disabled. The trustworthiness of digital signatures, secure transactions, and identity management systems could be undermined, leading to regulatory compliance issues and reputational damage. Given the physical access requirement, insider threats or attackers with physical proximity to HSMs pose the greatest risk. The vulnerability’s scope change means that compromised HSMs could affect multiple connected systems, amplifying the impact across organizational infrastructure.
Mitigation Recommendations
1. Enforce strict physical security controls around HSM devices, including secure access areas, surveillance, and tamper-evident seals to prevent unauthorized physical proximity.
2. Limit and monitor privileged user access to the HSMs, employing role-based access control and multi-factor authentication to reduce risk of insider threats.
3. Implement continuous monitoring and alerting for anomalous tamper events or unusual device behavior that could indicate exploitation attempts.
4. Segregate HSMs from general network access where possible, using dedicated management networks to reduce attack surface.
5. Maintain an inventory of all Entrust nShield devices and firmware versions to identify affected units.
6. Engage with Entrust support for timely updates and patches as they become available, and plan for rapid deployment.
7. Conduct regular security audits and penetration testing focusing on physical security and HSM integrity.
8. Develop incident response plans specifically addressing HSM compromise scenarios to minimize impact if exploitation occurs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692efeb83a1612a93738c053
Added to database: 12/2/2025, 2:59:04 PM
Last enriched: 12/9/2025, 4:53:06 PM
Last updated: 1/16/2026, 10:12:28 PM