Denial of Service Vulnerability in NTP Synchronization Tool by Pendulum
CVE-2025-58066
5.3 MEDIUM
What is CVE-2025-58066?
The ntpd-rs tool, which synchronizes system clocks using the NTP and NTS protocols, is susceptible to a denial of service vulnerability in versions 1.2.0 to 1.6.1. The issue arises when NTP servers allow non-NTS traffic: an attacker can create a message storm between two servers running ntpd-rs, potentially disrupting their operations. Users of affected versions should upgrade to version 1.6.2 promptly to mitigate these risks.
Affected Version(s)
ntpd-rs >= 1.2.0, < 1.6.2