OS Command Injection Vulnerability in Microchip Time Provider 4100
CVE-2025-47900

8.9HIGH

Key Information:

Vendor: Microchip
Status: Time Provider 4100
Vendor: CVE Published:; 20 October 2025

What is CVE-2025-47900?

A vulnerability exists in the Microchip Time Provider 4100 that allows for OS Command Injection due to improper neutralization of special elements. This flaw can lead to unauthorized command execution, compromising the integrity and security of the system. Affected versions are prior to 2.5. It is essential for users to update their installations promptly to mitigate potential risks.

Affected Version(s)

Time Provider 4100 0 < 2.5

References

https://www.microchip.com/en-us/solutions/technologies/em...

vendor-advisory

CVSS V4

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
May 13, 2025

Credit

Dario Emilio Bertani

Raffaele Bova

Andrea Sindoni

Simone Bossi

Antonio Carriero

Marco Manieri

Vito Pistillo

Davide Renna

Manuel Leone

Massimiliano Brolli

TIM Security Red Team Research (TIM S.p.A)

JSON