CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-60960

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.9%

CVSS Severity

CVSS v3 Score 8.2

References

http://endrun.com
http://sonoma.com
https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12

Products affected by CVE-2025-60960

Endruntechnologies » Sonoma D12 » Version: 4.00

cpe:2.3:h:endruntechnologies:sonoma_d12:4.00
Endruntechnologies » Sonoma D12 Firmware » Version: 6010-0071-000

cpe:2.3:o:endruntechnologies:sonoma_d12_firmware:6010-0071-000

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60960

Products

Pricing

Contact Us