CVE-2025-60965
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk69th percentile - higher than 69% of all known CVEs
Summary
An OS Command Injection vulnerability has been discovered in the EndRun Technologies Sonoma D12 Network Time Server (GPS) running firmware F/W 6010-0071-000 Ver 4.00. Attackers can exploit this to execute arbitrary code, cause denial of service, escalate privileges, obtain sensitive information, and possibly cause other unspecified impacts.
Risk Assessment
The organization faces complete compromise of the device, potentially leading to breach of network data integrity and confidentiality, as well as disruption of time synchronization across the IT infrastructure.
Recommendation
Immediately update the device firmware to the latest version provided by the manufacturer. Until the update is applied, restrict access to the time server to trusted networks only and implement firewall rules to block unauthorized connections.
Original NVD description (English source)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.

