Skip to main content
CVE-2025-60957 CRITICAL Act Now

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000, Ver 4.00) lets a low-privileged user inject OS commands that run on the underlying appliance, yielding arbitrary code execution, privilege escalation, information disclosure, and denial of service. The CVSS 3.1 vector (AV:N/AC:L/PR:L/S:C) shows a network-reachable, low-complexity flaw whose scope change lets a foothold on the management interface compromise the whole device. A third-party advisory (xdiv-sec) documents the issue; there is no public exploit identified and no CISA KEV listing at time of analysis, and EPSS is a modest 1.58% (73rd percentile).

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.6%
CVE-2025-60965 CRITICAL Act Now

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets a privileged remote user inject arbitrary operating-system commands that run outside the vulnerable component, yielding full device takeover, denial of service, privilege escalation, and disclosure of sensitive timing/configuration data. Because Network Time Servers act as an authoritative time source for entire environments, compromise can cascade into time-manipulation attacks against downstream systems (logging, certificates, Kerberos). This is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documents the flaw; EPSS is modest at 1.63% (73rd percentile).

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2025-60964 CRITICAL Act Now

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets an authenticated high-privileged operator inject shell commands into the appliance's underlying OS, escaping the management application to run arbitrary code as the device. Because the appliance is a hardened timing source, successful exploitation yields full compromise: code execution, denial of service, privilege escalation, and disclosure of sensitive data. No public exploit is identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; the EPSS score is moderate at 1.63% (73rd percentile) and the CVE is not on CISA KEV.

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy