CVE-2025-59703

# CVE-2025-59703 F14 Physical Attack PoC # Note: This is a conceptual PoC for educational/research purposes only # Actual exploitation requires physical access to the HSM device class F14Attack: def __init__(self, target_device): self.target = target_device self.attack_steps = [] def remove_tamper_label(self): """ Step 1: Carefully remove the tamper-evident label without damaging it or leaving traces """ print(f"[*] Removing tamper label from {self.target}") # Use heat gun to soften adhesive # Slowly peel from corner without tearing self.attack_steps.append("Tamper label removed") return True def remove_fixing_screws(self): """ Step 2: Remove all fixing screws from the device """ print(f"[*] Removing fixing screws from {self.target}") # Locate and remove all security screws self.attack_steps.append("All screws removed") return True def access_internal_components(self): """ Step 3: Open device and access internal components without causing visible damage """ print(f"[*] Accessing internal components of {self.target}") # Separate casing without scratching self.attack_steps.append("Internal components accessed") return True def extract_sensitive_data(self): """ Step 4: Extract keys, firmware, or other sensitive data """ print(f"[*] Extracting sensitive data from {self.target}") # Access flash memory, key storage, etc. self.attack_steps.append("Sensitive data extracted") return True def execute_attack(self): """Execute the complete F14 attack chain""" steps = [ self.remove_tamper_label, self.remove_fixing_screws, self.access_internal_components, self.extract_sensitive_data ] for step in steps: if not step(): print("[!] Attack failed at step") return False print("[+] F14 attack completed successfully") return True # Usage example # attack = F14Attack("Entrust nShield HSM") # attack.execute_attack()

{"cve": {"id": "CVE-2025-59703", "sourceIdentifier": "[email protected]", "published": "2025-12-02T16:15:55.317", "lastModified": "2025-12-08T19:39:02.430", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_5c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.6.12", "matchCriteriaId": "CFB3D135-8EAC-4053-BB94-18D5BBB24AE7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_5c_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.7", "versionEndExcluding": "13.9.0", "matchCriteriaId": "ED259AB7-BFED-4B97-B455-E1D34730CFFF"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:entrust:nshield_5c:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0F3F8-F5DE-41CB-B804-BBFB78C6ADEB"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_hsmi_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.6.12", "matchCriteriaId": "ED3AEBBD-7F75-47F1-8EEA-342BAC9D265E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_hsmi_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.7", "versionEndExcluding": "13.9.0", "matchCriteriaId": "D7125CC3-3B27-4C90-97DE-51D226FBDC00"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:entrust:nshield_hsmi:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7665EE9-9F7F-456F-B172-ED188DD3BAD4"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_base_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.6.12", "matchCriteriaId": "F73858FD-5FE6-4AFA-84F2-E19743E9D900"}, {"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_base_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.7", "versionEndExcluding": "13.9.0", "matchCriteriaId": "01CDF5EE-9059-478A-BFE5-D7ADEF9625C4"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:entrust:nshield_connect_xc_base:-:*:*:*:*:*:*:*", "matchCriteriaId": "18FCA0E9-EEA9-40EC-9E0F-942F049D2354"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.6.12", "matchCriteriaId": "5A54F973-25D8-468D-B6A4-240A95D94A0B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_mid_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.7", "versionEndExcluding": "13.9.0", "matchCriteriaId": "0E43D1A7-9CB7-479D-89A9-D5041BB212A4"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:entrust:nshield_connect_xc_mid:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB0ACAD9-BBCE-43CC-BD84-2023885725EE"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_high_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.6.12", "matchCriteriaId": "CBC11D8B-D72E-4CE9-AE61-AEA85F122F22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:entrust:nshield_connect_xc_high_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.7", "versionEndExcluding": "13.9.0", "matchCriteriaId": "1D7048C8-EB43-4F23-8946-456EF6F3A1B7"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:entrust:nshield_connect_xc_high:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F0EDB1F-932B-4EC5-9D09-03CAD98BC2FA"}]}]}], "references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.entrust.com/use-ca ... (truncated)