CVE-2025-60957
Published: 06 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-60957 is an OS Command Injection vulnerability (CWE-78) in the EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware version 6010-0071-000 Ver 4.00. Published on 2025-10-06T17:16:06.497, it carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), a critical rating that reflects high impact on confidentiality, integrity, and availability combined with a changed scope.
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables execution of arbitrary code, denial of service, privilege escalation, and disclosure of sensitive information. The changed scope (S:C) means the impact extends beyond the vulnerable component itself, amplifying the effects on confidentiality (C:H), integrity (I:H), and availability (A:H).
Advisories providing further details, including potential mitigations or patches, are available from EndRun Technologies at http://endrun.com, Sonoma at http://sonoma.com, and a researcher advisory at https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in a public-facing network time server directly enables exploitation of public-facing application (T1190), command execution via Unix shell (T1059.004), and privilege escalation (T1068).