Skip to main content

Sonoma D12 CVE-2025-60969

MEDIUM
Path Traversal (CWE-22)
2025-10-06 cve@mitre.org
5.7
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.7 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable web interface with low-privilege auth required; path traversal is direct read with no write or availability impact, and UI:R is not typical for server-side traversal.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 04:06 vuln.today

DescriptionCVE.org

Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.

AnalysisAI

Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes sensitive files to authenticated network attackers. The flaw resides in the device's web interface, where insufficiently validated path input allows an attacker to escape the intended directory root and read arbitrary files from the underlying filesystem. No public exploit code or active exploitation has been confirmed at time of analysis, but a third-party security researcher advisory exists at xdiv-sec.github.io detailing the issue.

Technical ContextAI

CWE-22 (Path Traversal) describes failure to neutralize special path elements ('../', '%2e%2e/', etc.) before using attacker-controlled input to construct file paths. The affected product is a purpose-built GPS-disciplined NTP appliance manufactured by EndRun Technologies; the specific firmware identified by CPE cpe:2.3:o:endruntechnologies:sonoma_d12_firmware:6010-0076-000 is version 4.00. Such appliances typically expose an embedded web management interface over HTTP/HTTPS, and the traversal likely occurs within a file-serving or log-retrieval function of that interface. Because this is an embedded firmware target, the underlying OS and file layout are fixed, making sensitive file paths (credential stores, configuration files, private keys) predictable.

RemediationAI

No vendor-released patch has been identified at time of analysis; affected firmware version is 6010-0076-000 Ver 4.00. Operators should contact EndRun Technologies directly to request a patched firmware release. As an immediate compensating control, restrict network access to the Sonoma D12 web management interface using firewall rules or ACLs so that only trusted management hosts can reach it - this directly addresses the AV:N vector and eliminates remote exploitation even without a patch. Additionally, disable the web interface entirely if NTP-only operation is sufficient, since the core time-serving function (NTP/PTP) does not require the HTTP management plane. Audit web interface user accounts and remove any unnecessary low-privilege accounts to raise the authentication barrier. Note that restricting web access may impair remote monitoring and configuration capabilities.

CVE-2025-60957 CRITICAL
9.9 Oct 06

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000,

CVE-2025-60965 CRITICAL
9.1 Oct 06

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000

CVE-2025-60964 CRITICAL
9.1 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60963 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60960 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) le

CVE-2025-60962 HIGH
8.2 Oct 06

OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) l

CVE-2025-60959 HIGH
8.2 Oct 06

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60956 HIGH
8.0 Oct 06

Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.0

CVE-2025-60967 HIGH
7.3 Oct 06

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00

CVE-2025-60958 HIGH
7.3 Oct 06

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) let

CVE-2025-60961 MEDIUM
6.1 Oct 06

Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a

Share

CVE-2025-60969 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy