Skip to main content

Sonoma D12 CVE-2025-60958

HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-10-06 cve@mitre.org
7.3
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.3 HIGH
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
vuln.today AI
5.4 MEDIUM

Authenticated (PR:L) reflected/stored XSS needing victim interaction (UI:R); script crosses into the browser context (S:C) with bounded confidentiality/integrity impact (C:L/I:L), not the input's claimed C:H/I:H.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:34 vuln.today

DescriptionCVE.org

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

AnalysisAI

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets an attacker inject script into the device's web management interface to steal sensitive information such as session data or configuration from an authenticated operator. Exploitation requires a low-privileged authenticated context and victim interaction (a user must load the malicious content), and there is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documenting the flaw is publicly available. EPSS is low at 0.28% (20th percentile), and the issue is not listed in CISA KEV.

Technical ContextAI

The Sonoma D12 is a hardware GPS-disciplined network time server (NTP/PTP) appliance used to distribute authoritative time to networks; like most such appliances it exposes an embedded web-based management console. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning user-controllable input is reflected or stored and rendered by the management UI without proper output encoding, allowing arbitrary HTML/JavaScript to execute in the browser of a user viewing the affected page. The single affected component per NVD CPE is cpe:2.3:o:endruntechnologies:sonoma_d12_firmware:6010-0071-000, i.e. the operating firmware of this specific time-server model rather than a general-purpose OS or library.

RemediationAI

No vendor-released patch or fixed firmware version is identified in the available data, so a specific upgrade target cannot be cited; monitor EndRun Technologies (http://sonoma.com) for an updated firmware release superseding 6010-0071-000 Ver 4.00 and review the third-party advisory at https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12 for exact affected parameters. As compensating controls, restrict access to the device's web management interface to a dedicated management VLAN or trusted admin hosts via firewall/ACL so only authorized operators can reach it (trade-off: legitimate remote admins must use the management network or VPN), avoid browsing untrusted links while authenticated to the appliance to defeat the UI:R requirement, and reduce the number of accounts with management access since exploitation needs a low-privileged authenticated context. Because the flaw is in web output handling, placing the console behind a reverse proxy or WAF that enforces output/content-security policies can reduce script execution, though this may break legitimate console functionality and should be tested first.

CVE-2025-60957 CRITICAL
9.9 Oct 06

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000,

CVE-2025-60965 CRITICAL
9.1 Oct 06

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000

CVE-2025-60964 CRITICAL
9.1 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60963 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60960 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60962 HIGH
8.2 Oct 06

OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) l

CVE-2025-60959 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60956 HIGH
8.0 Oct 06

Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.0

CVE-2025-60967 HIGH
7.3 Oct 06

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00

CVE-2025-60961 MEDIUM
6.1 Oct 06

Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a

CVE-2025-60969 MEDIUM
5.7 Oct 06

Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes s

Share

CVE-2025-60958 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy