Description

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible.

INFO

Published Date :

2025-08-29T20:54:13.174Z

Last Modified :

2025-09-02T13:53:59.838Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58066 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58066.

URL Resource
https://github.com/pendulum-project/ntpd-rs/commit/da37cf167736cbd4d7804b1ed7ceb572468298e0 cve-icon cve-icon
https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-4855-q42w-5vr4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact