Sonoma D12 Firmware
CVE-2025-60957
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
AnalysisAI
Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000, Ver 4.00) lets a low-privileged user inject OS commands that run on the underlying appliance, yielding arbitrary code execution, privilege escalation, information disclosure, and denial of service. The CVSS 3.1 vector (AV:N/AC:L/PR:L/S:C) shows a network-reachable, low-complexity flaw whose scope change lets a foothold on the management interface compromise the whole device. A third-party advisory (xdiv-sec) documents the issue; there is no public exploit identified and no CISA KEV listing at time of analysis, and EPSS is a modest 1.58% (73rd percentile).
More in Sonoma D12 Firmware
View allAuthenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le
OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) l
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.0
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a
Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes s
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today