CVE-2025-59697

Published Dec 2, 2025

Last updated 3 months ago

CVSS high 7.2

Overview

Description: Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.
Source: cve@mitre.org
NVD status: Analyzed
Products: nshield_5c_firmware, nshield_hsmi_firmware, nshield_connect_xc_base_firmware, nshield_connect_xc_mid_firmware, nshield_connect_xc_high_firmware

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.2
Impact score: 6
Exploitability score: 0.5
Vector string: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:entrust:nshield_5c_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CFB3D135-8EAC-4053-BB94-18D5BBB24AE7",
            "versionEndExcluding": "13.6.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:entrust:nshield_5c_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ED259AB7-BFED-4B97-B455-E1D34730CFFF",
            "versionEndExcluding": "13.9.0",
            "versionStartIncluding": "13.7",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:entrust:nshield_5c:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "2BB0F3F8-F5DE-41CB-B804-BBFB78C6ADEB",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:entrust:nshield_hsmi_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ED3AEBBD-7F75-47F1-8EEA-342BAC9D265E",
            "versionEndExcluding": "13.6.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:entrust:nshield_hsmi_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D7125CC3-3B27-4C90-97DE-51D226FBDC00",
            "versionEndExcluding": "13.9.0",
            "versionStartIncluding": "13.7",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:entrust:nshield_hsmi:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7665EE9-9F7F-456F-B172-ED188DD3BAD4",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_base_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F73858FD-5FE6-4AFA-84F2-E19743E9D900",
            "versionEndExcluding": "13.6.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_base_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "01CDF5EE-9059-478A-BFE5-D7ADEF9625C4",
            "versionEndExcluding": "13.9.0",
            "versionStartIncluding": "13.7",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:entrust:nshield_connect_xc_base:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "18FCA0E9-EEA9-40EC-9E0F-942F049D2354",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5A54F973-25D8-468D-B6A4-240A95D94A0B",
            "versionEndExcluding": "13.6.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0E43D1A7-9CB7-479D-89A9-D5041BB212A4",
            "versionEndExcluding": "13.9.0",
            "versionStartIncluding": "13.7",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:entrust:nshield_connect_xc_mid:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "CB0ACAD9-BBCE-43CC-BD84-2023885725EE",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_high_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CBC11D8B-D72E-4CE9-AE61-AEA85F122F22",
            "versionEndExcluding": "13.6.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_high_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1D7048C8-EB43-4F23-8946-456EF6F3A1B7",
            "versionEndExcluding": "13.9.0",
            "versionStartIncluding": "13.7",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:entrust:nshield_connect_xc_high:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "3F0EDB1F-932B-4EC5-9D09-03CAD98BC2FA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References