Sonoma D12 Firmware
CVE-2025-60967
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
AnalysisAI
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00) lets an attacker inject script into the appliance's web management interface, executing in the browser of an authenticated operator who views the malicious content and enabling theft of session data and sensitive configuration information. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R) indicates a remote, low-complexity attack that requires low-privilege access to inject and victim interaction to trigger. No public exploit identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; EPSS is low at 0.28% (20th percentile).
More in Sonoma D12 Firmware
View allAuthenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000,
Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le
OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) l
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.0
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let
Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a
Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes s
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today