Hard-coded Credentials Vulnerability in Microchip Time Provider 4100
CVE-2025-9497

5.5MEDIUM

Key Information:

Vendor: Microchip
Status: Time Provider 4100
Vendor: CVE Published:; 28 March 2026

What is CVE-2025-9497?

A hard-coded credentials vulnerability in the Microchip Time Provider 4100 can allow unauthorized users to execute malicious manual software updates. This issue directly affects devices running versions prior to 2.5.0, potentially compromising the integrity and security of the system by enabling attackers to bypass authentication protocols.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Time Provider 4100 0 < 2.5.0

References

https://www.microchip.com/en-us/solutions/technologies/em...

vendor-advisory

https://www.gruppotim.it/en/footer/TIM-red-team.html

technical-description

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2026
Vulnerability Reserved
Aug 26, 2025

Credit

Dario Emilio Bertani

Raffaele Bova

Andrea Sindoni

Simone Bossi

Antonio Carriero

Marco Manieri

Vito Pistillo

Davide Renna

Manuel Leone

Massimiliano Brolli

TIM Security Red Team Research (TIM S.p.A)

JSON

Microchip