CVE-2025-60965
Published: 06 October 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.
Security Summary
CVE-2025-60965 is an OS Command Injection vulnerability (CWE-78) in EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware version 6010-0071-000 Ver 4.00. Published on 2025-10-06T17:16:07.417, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact network-based exploitation.
Attackers with high privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction. Successful exploitation enables arbitrary code execution, denial of service, escalated privileges, disclosure of sensitive information, and possibly other unspecified impacts, with a changed scope amplifying the consequences across confidentiality, integrity, and availability.
Advisories detailing mitigations and patches are available from the vendor at http://endrun.com and http://sonoma.com, as well as a security research advisory at https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS Command Injection (CWE-78) directly enables T1059.004 (Unix Shell), because injected input yields arbitrary command execution on what is likely Unix-based firmware. Remote exploitation over the network (AV:N/PR:H) maps to T1210 (Exploitation of Remote Services) for RCE.