CVE-2025-60956
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endruntechnologies | sonoma_d12_firmware | 6010-0071-000 |
| endruntechnologies | sonoma_d12 | 4.00 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can have severe impacts including allowing attackers to execute arbitrary code remotely, cause denial of service, escalate their privileges on the device, and gain access to sensitive information. This can lead to full system compromise and disruption of network time services. [1]
What immediate steps should I take to mitigate this vulnerability?
Until vendor patches are available, an interim mitigation involves disabling web-management access by removing execute permissions on the HTTP daemon startup script (/etc/rc.d/rc.httpd), copying it to the boot directory, and rebooting the device. This mitigation has been verified by the vendor but may have operational impacts and should be tested in controlled environments. [1]
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Request Forgery (CSRF) issue in the EndRun Technologies Sonoma D12 Network Time Server firmware version 4.00. It allows attackers to trick the device into executing unauthorized actions, which can lead to arbitrary code execution, denial of service, privilege escalation, and exposure of sensitive information. [1]