CVE-2025-60956

HIGH

EndRun Technologies Sonoma D12 - CSRF

Title source: llm

Description

Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

References (3)

[Broken Link] http://endrun.com

[Not Applicable] http://sonoma.com

[Third Party Advisory] https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12

Scores

CVSS v3 8.0

EPSS 0.0002

EPSS Percentile 5.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-352

Status published

Affected Products (1)

endruntechnologies/sonoma_d12_firmware

Timeline

Published Oct 06, 2025

Tracked Since Feb 18, 2026