Skip to main content

Sonoma D12 CVE-2025-60959

HIGH
OS Command Injection (CWE-78)
2025-10-06 cve@mitre.org
8.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
vuln.today AI
9.8 CRITICAL

OS command injection normally yields shell-level control, so I raise C/I/A to High; AV:N/AC:L/PR:N retained from the published vector as no authentication is documented, though management-interface auth is unconfirmed.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:35 vuln.today

DescriptionCVE.org

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

AnalysisAI

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject operating-system commands and extract sensitive information from the appliance. The flaw is reachable over the network without authentication per the published CVSS vector, and a third-party security advisory (xdiv-sec) documents the issue. No public exploit identified at time of analysis, and EPSS probability is low (1.00%, 59th percentile).

Technical ContextAI

The Sonoma D12 is a hardware GPS-disciplined network time server appliance used to provide authoritative NTP/timing to network infrastructure. The vulnerability is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), meaning user-controllable input is passed into a shell or system() call on the embedded firmware without adequate sanitization, allowing attacker-supplied data to break out into arbitrary OS commands. The single affected component per NVD CPE is cpe:2.3:o:endruntechnologies:sonoma_d12_firmware:6010-0071-000, i.e. the device firmware image itself; the injection point is almost certainly the device's web or network management interface, though the exact parameter is not enumerated in the NVD record.

RemediationAI

No vendor-released patch version is identified at time of analysis; the NVD references point only to the vendor site (http://sonoma.com) and a third-party research advisory (https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12), not to a tagged fixed firmware build - contact EndRun Technologies for a patched firmware image for the 6010-0071-000 line. As compensating controls: place the Sonoma D12 management interface on an isolated, out-of-band management VLAN and restrict inbound access to the web/management ports to a small set of trusted administrator hosts via ACL or firewall (trade-off: administrators must reach it through a jump host); disable any unused remote management services (HTTP/Telnet) in favor of authenticated, encrypted access only; and monitor the appliance and upstream firewall logs for anomalous requests to management endpoints. These controls reduce network reachability, which directly neutralizes the AV:N exposure, but do not fix the underlying injection.

CVE-2025-60957 CRITICAL
9.9 Oct 06

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000,

CVE-2025-60965 CRITICAL
9.1 Oct 06

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000

CVE-2025-60964 CRITICAL
9.1 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60963 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60960 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60962 HIGH
8.2 Oct 06

OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) l

CVE-2025-60956 HIGH
8.0 Oct 06

Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.0

CVE-2025-60967 HIGH
7.3 Oct 06

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00

CVE-2025-60958 HIGH
7.3 Oct 06

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60961 MEDIUM
6.1 Oct 06

Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a

CVE-2025-60969 MEDIUM
5.7 Oct 06

Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes s

Share

CVE-2025-60959 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy