CVE Catalog

CVE-2025-60965

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.38%

69th percentile - higher than 69% of all known CVEs

Summary

An OS Command Injection vulnerability has been discovered in the EndRun Technologies Sonoma D12 Network Time Server (GPS) running firmware F/W 6010-0071-000 Ver 4.00. Attackers can exploit this to execute arbitrary code, cause denial of service, escalate privileges, obtain sensitive information, and possibly cause other unspecified impacts.

Risk Assessment

The organization faces complete compromise of the device, potentially leading to breach of network data integrity and confidentiality, as well as disruption of time synchronization across the IT infrastructure.

Recommendation

Immediately update the device firmware to the latest version provided by the manufacturer. Until the update is applied, restrict access to the time server to trusted networks only and implement firewall rules to block unauthorized connections.

Original NVD description (English source)

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS