SQL Injection Vulnerability in Microchip Time Provider 4100
CVE-2025-47902
7.1 HIGH
What is CVE-2025-47902?
The Microchip Time Provider 4100 is susceptible to an SQL Injection vulnerability that arises from improper neutralization of special elements used in SQL commands. This flaw could allow attackers to execute arbitrary SQL commands, potentially compromising the database and leading to unauthorized access to sensitive information. The vulnerability affects versions before 2.5 and poses a significant risk to organizations relying on this product for secure time synchronization and management.
Affected Version(s)
Time Provider 4100: versions before 2.5 (0 < 2.5)
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dario Emilio Bertani
Raffaele Bova
Andrea Sindoni
Simone Bossi
Antonio Carriero
Marco Manieri
Vito Pistillo
Davide Renna
Manuel Leone
Massimiliano Brolli
TIM Security Red Team Research (TIM S.p.A)