CVE Catalog

CVE-2025-60961

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability has been found in EndRun Technologies Sonoma D12 Network Time Server (GPS) running F/W 6010-0071-000 Ver 4.00. Attackers can exploit it to steal sensitive information and possibly cause other unspecified impacts.

Risk Assessment

The risk includes leakage of confidential data, hijacking of administrative sessions, and potential further attack escalation within the organization's internal network.

Recommendation

Immediately contact the vendor for a firmware update and apply temporary mitigations such as traffic filtering and restricting access to the management interface.

Original NVD description (English source)

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS