NVD disclosure day

Published threat advisories for October 6, 2025

CVE advisoryCRITICAL

CVE-2025-60965

EndRun Sonoma D12 OS Command Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An OS command injection vulnerability exists in EndRun Technologies Sonoma D12 Network Time Server firmware, allowing an authenticated attacker to execute arbitrary code. This could lead to unauthorized access, sensitive information disclosure, or service disruption. The relevance of this vulnerability depends on wheth

CVE advisoryCRITICAL

CVE-2025-60964

EndRun Technologies Sonoma D12 OS Command Injection Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An OS command injection vulnerability exists in EndRun Technologies Sonoma D12 Network Time Server firmware, potentially allowing an authenticated attacker to execute arbitrary code, cause denial of service, escalate privileges, or access sensitive information. This could impact network infrastructure if the affected d

CVE advisoryCRITICAL

CVE-2025-60957

EndRun Sonoma D12 OS Command Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An OS command injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server firmware allows attackers with limited privileges to execute arbitrary code. This could lead to denial of service, privilege escalation, or unauthorized access to sensitive information if the device is reachable over a network.