CVE-2025-60969 is a directory traversal vulnerability identified in the firmware version 4.00 of the EndRun Technologies Sonoma D12 Network Time Server (GPS). Directory traversal vulnerabilities occur when an application improperly sanitizes user-supplied input, allowing attackers to manipulate file paths and access files outside the intended directories. In this case, the vulnerability enables attackers to retrieve sensitive information stored on the device by traversing the file system beyond the web server's root directory. The affected device is a network time server used to provide precise time synchronization, often critical in telecommunications, financial services, and industrial control systems. The vulnerability does not require authentication, meaning any attacker with network access to the device’s management interface can exploit it. Although no public exploits or patches are currently available, the disclosure date is October 6, 2025, indicating that organizations should prepare for imminent risk. The lack of a CVSS score suggests that the vulnerability is newly published and not yet fully assessed, but the nature of directory traversal combined with unauthenticated access implies a significant threat. Attackers could leverage this vulnerability to obtain configuration files, credentials, or other sensitive data, potentially leading to further compromise or disruption of time synchronization services.

For European organizations, the impact of CVE-2025-60969 can be substantial, especially for sectors relying heavily on precise and secure time synchronization such as telecommunications, energy, finance, and critical infrastructure. Unauthorized access to sensitive information on the network time server could lead to exposure of configuration details or credentials, enabling attackers to manipulate time data or pivot to other network segments. This could disrupt time-dependent processes, cause data integrity issues, or facilitate advanced persistent threats. The confidentiality breach could also violate data protection regulations such as GDPR if personal or operational data is exposed. Given the device’s role in ensuring accurate timestamps for logs and transactions, exploitation could undermine forensic investigations and compliance efforts. The absence of known exploits currently provides a window for mitigation, but the risk remains high due to the device’s critical function and the vulnerability’s unauthenticated nature.

1. Immediate identification and inventory of all EndRun Technologies Sonoma D12 Network Time Servers within the organization’s network. 2. Restrict network access to the management interface of these devices using firewall rules or network segmentation to limit exposure only to trusted administrators. 3. Monitor network traffic for unusual access patterns or attempts to exploit directory traversal. 4. Contact EndRun Technologies for firmware updates or security advisories addressing this vulnerability; apply patches promptly once available. 5. Implement strong authentication and access control mechanisms on the device management interfaces if supported. 6. Use intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting directory traversal attempts. 7. Regularly audit device configurations and logs to detect unauthorized access or anomalies. 8. Consider deploying compensating controls such as VPN access or jump hosts to manage these devices securely until patches are released.