CVE-2025-59703
Entrust · nShield Connect/5c/HSMi
Entrust nShield HSM appliances are susceptible to a physical tampering attack (F14) that allows access to internal components without leaving visible evidence.
Executive summary
A critical physical security vulnerability in Entrust nShield HSM appliances allows a proximate attacker to bypass tamper-evident protections and access internal hardware.
Vulnerability
This is a physical security flaw requiring the attacker to be in close proximity to the device. By carefully removing the tamper-evident label and mechanical fasteners, an attacker can access the HSM's internal components without triggering standard tamper-detection mechanisms.
Business impact
With a CVSS score of 9.1, this represents a severe threat to the integrity of cryptographic operations. Successful exploitation could lead to the extraction of sensitive cryptographic material, undermining the root of trust for the entire organization's security infrastructure.
Remediation
Immediate Action: Review physical security controls for all data centers or facilities housing nShield HSM appliances to prevent unauthorized physical access.
Proactive Monitoring: Conduct regular physical inspections of HSM units for signs of tampering, such as misaligned labels or loose fasteners, despite the lack of obvious evidence.
Compensating Controls: Implement strict multi-person access controls and surveillance systems for the physical cages or racks where HSMs are located.
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
While this is a physical vulnerability rather than a software bug, the risk to cryptographic integrity is extreme. Organizations must ensure that physical access to HSMs is restricted to authorized, vetted personnel and that high-security standards are enforced for all hardware appliances.