OS Command Injection Vulnerability in Microchip Time Provider 4100
CVE-2025-47901
8.9 HIGH
What is CVE-2025-47901?
The Microchip Time Provider 4100 is affected by an OS command injection vulnerability. The flaw arises from improper handling of special elements in OS commands, which allows unauthorized command execution. Versions prior to 2.5 are affected. Users of the Time Provider 4100 should assess their systems urgently and apply the necessary updates to mitigate the risk.
Affected Version(s)
Time Provider 4100: versions before 2.5 (0 < 2.5)
CVSS V4
Score: 8.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dario Emilio Bertani
Raffaele Bova
Andrea Sindoni
Simone Bossi
Antonio Carriero
Marco Manieri
Vito Pistillo
Davide Renna
Manuel Leone
Massimiliano Brolli
TIM Security Red Team Research (TIM S.p.A)