CVE-2025-60961
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability has been found in EndRun Technologies Sonoma D12 Network Time Server (GPS) running F/W 6010-0071-000 Ver 4.00. Attackers can exploit it to steal sensitive information and possibly cause other unspecified impacts.
Risk Assessment
The risk includes leakage of confidential data, hijacking of administrative sessions, and potential further attack escalation within the organization's internal network.
Recommendation
Immediately contact the vendor for a firmware update and apply temporary mitigations such as traffic filtering and restricting access to the management interface.
Original NVD description (English source)
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

