CVE-2025-58066

Published: Aug 29, 2025

Modified: Sep 2, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible.

Vendor	Product	Versions
pendulum-project	ntpd-rs	affected `>= 1.2.0, < 1.6.2`

Weaknesses (CWE)

CWE-406

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-4855-q42w-5vr4

x_refsource_CONFIRM

https://github.com/pendulum-project/ntpd-rs/commit/da37cf167736cbd4d7804b1ed7ceb572468298e0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-58066

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References