CVE-2025-60964
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk69th percentile - higher than 69% of all known CVEs
Summary
An OS Command Injection vulnerability has been discovered in the EndRun Technologies Sonoma D12 Network Time Server (GPS) running firmware F/W 6010-0071-000 Ver 4.00. Attackers can execute arbitrary code, cause denial of service, escalate privileges, obtain sensitive information, and possibly cause other unspecified impacts.
Risk Assessment
The organization faces complete compromise of the time server device, potentially disrupting network time synchronization, leaking confidential data, and enabling further attacks on IT infrastructure.
Recommendation
Immediately contact the vendor for a firmware update. Until a patch is available, restrict management interface access to trusted networks only.
Original NVD description (English source)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.

