CVE Catalog

CVE-2025-60957

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.34%

68th percentile - higher than 68% of all known CVEs

Summary

An OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) with firmware F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, escalate privileges, and obtain sensitive information.

Risk Assessment

The organization risks complete compromise of the device, potentially leading to time synchronization disruption, network data leakage, and use of the server as an entry point for further attacks within the infrastructure.

Recommendation

Immediately update the firmware to the latest version provided by the vendor and restrict management interface access to trusted networks only.

Original NVD description (English source)

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS