CVE-2025-60957
CriticalCVSS 9.9Exploitation Probability (EPSS)
Elevated risk68th percentile - higher than 68% of all known CVEs
Summary
An OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) with firmware F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, escalate privileges, and obtain sensitive information.
Risk Assessment
The organization risks complete compromise of the device, potentially leading to time synchronization disruption, network data leakage, and use of the server as an entry point for further attacks within the infrastructure.
Recommendation
Immediately update the firmware to the latest version provided by the vendor and restrict management interface access to trusted networks only.
Original NVD description (English source)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

