Code Integrity Vulnerability in Microchip Time Provider 4100
CVE-2025-47904

5.7MEDIUM

Key Information:

Vendor: Microchip
Status: Time Provider 4100
Vendor: CVE Published:; 24 February 2026

What is CVE-2025-47904?

The Microchip Time Provider 4100 is prone to a vulnerability that allows the execution of unauthorized software updates due to a lack of integrity checks during code downloads. This flaw could enable malicious actors to manually install compromised software versions, potentially compromising the integrity and security of the system. It impacts versions prior to 2.5 and highlights the critical need for embedded security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Time Provider 4100 0 < 2.5

References

https://www.microchip.com/en-us/solutions/technologies/em...

vendor-advisory

https://www.gruppotim.it/en/footer/TIM-red-team.html

technical-description

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
May 13, 2025

Credit

Dario Emilio Bertani

Raffaele Bova

Andrea Sindoni

Simone Bossi

Antonio Carriero

Marco Manieri

Vito Pistillo

Davide Renna

Manuel Leone

Massimiliano Brolli

TIM Security Red Team Research (TIM S.p.A)

JSON

Microchip