Sonoma D12 CVE-2025-60958
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Authenticated (PR:L) reflected/stored XSS needing victim interaction (UI:R); script crosses into the browser context (S:C) with bounded confidentiality/integrity impact (C:L/I:L), not the input's claimed C:H/I:H.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.
AnalysisAI
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets an attacker inject script into the device's web management interface to steal sensitive information such as session data or configuration from an authenticated operator. Exploitation requires a low-privileged authenticated context and victim interaction (a user must load the malicious content), and there is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documenting the flaw is publicly available. EPSS is low at 0.28% (20th percentile), and the issue is not listed in CISA KEV.
Technical ContextAI
The Sonoma D12 is a hardware GPS-disciplined network time server (NTP/PTP) appliance used to distribute authoritative time to networks; like most such appliances it exposes an embedded web-based management console. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning user-controllable input is reflected or stored and rendered by the management UI without proper output encoding, allowing arbitrary HTML/JavaScript to execute in the browser of a user viewing the affected page. The single affected component per NVD CPE is cpe:2.3:o:endruntechnologies:sonoma_d12_firmware:6010-0071-000, i.e. the operating firmware of this specific time-server model rather than a general-purpose OS or library.
RemediationAI
No vendor-released patch or fixed firmware version is identified in the available data, so a specific upgrade target cannot be cited; monitor EndRun Technologies (http://sonoma.com) for an updated firmware release superseding 6010-0071-000 Ver 4.00 and review the third-party advisory at https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12 for exact affected parameters. As compensating controls, restrict access to the device's web management interface to a dedicated management VLAN or trusted admin hosts via firewall/ACL so only authorized operators can reach it (trade-off: legitimate remote admins must use the management network or VPN), avoid browsing untrusted links while authenticated to the appliance to defeat the UI:R requirement, and reduce the number of accounts with management access since exploitation needs a low-privileged authenticated context. Because the flaw is in web output handling, placing the console behind a reverse proxy or WAF that enforces output/content-security policies can reduce script execution, though this may break legitimate console functionality and should be tested first.
More in Sonoma D12 Firmware
View allAuthenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000,
Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le
OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) l
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.0
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00
Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a
Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes s
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today