Skip to main content

Sonoma D12 CVE-2025-60961

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-10-06 cve@mitre.org
6.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
6.1 MEDIUM

Network-reachable web interface with no attacker privileges needed; scope changes to browser context; user interaction required for reflected XSS delivery.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 04:05 vuln.today

DescriptionCVE.org

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

AnalysisAI

Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a remote unauthenticated attacker to inject and execute malicious scripts in the context of an authenticated user's browser session against the device's web management interface. Exploitation requires the attacker to trick an administrator into interacting with a crafted URL or page, after which the scope crosses into the victim's browser context, enabling session theft or credential harvesting. No public exploit confirmed at time of analysis, and EPSS of 0.22% (13th percentile) signals low automated exploitation activity.

Technical ContextAI

The Sonoma D12 (CPE: cpe:2.3:o:endruntechnologies:sonoma_d12_firmware:6010-0071-000:*:*:*:*:*:*:*) is a GPS-disciplined hardware NTP appliance manufactured by EndRun Technologies, providing precise time synchronization for enterprise and critical infrastructure environments. It exposes a web-based management interface over HTTP/HTTPS, through which administrators configure timing parameters and monitor device status. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning the firmware's web interface fails to sanitize attacker-controlled input before reflecting or rendering it in HTML responses. The CVSS Scope:Changed metric confirms the injected script executes in the browser's security context rather than remaining confined to the device's response, enabling cross-origin data access.

RemediationAI

No vendor-released patched firmware version has been independently confirmed from available data; the NVD references point to the researcher advisory and the vendor homepage without citing a specific fixed release. Operators should monitor http://sonoma.com and contact EndRun Technologies directly for a firmware update addressing CVE-2025-60961. As an immediate compensating control, restrict access to the Sonoma D12 web management interface to dedicated, trusted management VLANs or hosts using firewall ACLs, preventing unauthenticated external actors from delivering XSS payloads to administrators - this eliminates network-vector exposure entirely for isolated environments. Additionally, administrators should avoid clicking external links or opening emails while logged into the device's web interface, reducing UI:R exploitation success. If the management interface is not required, disabling HTTP/HTTPS administration access where the device supports out-of-band management further reduces the attack surface. Note: network isolation does not fix the underlying vulnerability and should be treated as a temporary measure until a patched firmware is available.

CVE-2025-60957 CRITICAL
9.9 Oct 06

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000,

CVE-2025-60965 CRITICAL
9.1 Oct 06

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000

CVE-2025-60964 CRITICAL
9.1 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60963 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60960 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60962 HIGH
8.2 Oct 06

OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) l

CVE-2025-60959 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60956 HIGH
8.0 Oct 06

Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.0

CVE-2025-60967 HIGH
7.3 Oct 06

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00

CVE-2025-60958 HIGH
7.3 Oct 06

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60969 MEDIUM
5.7 Oct 06

Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes s

Share

CVE-2025-60961 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy