CVE-2025-47900

UNKNOWN 0.0

RCE on backup configuration password

CVSS Score

0.0

EPSS Score

0.3%

EPSS Percentile

51th

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

CWE	CWE-78
Vendor	microchip
Product	time provider 4100
Published	Oct 20, 2025
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for microchip time provider 4100

Be the first to know when new unknown vulnerabilities affecting microchip time provider 4100 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Microchip / Time Provider 4100

0 < 2.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

microchip.com: https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution gruppotim.it: https://www.gruppotim.it/en/footer/TIM-red-team.html

Credits

Dario Emilio Bertani Raffaele Bova Andrea Sindoni Simone Bossi Antonio Carriero Marco Manieri Vito Pistillo Davide Renna Manuel Leone Massimiliano Brolli 🔍 TIM Security Red Team Research (TIM S.p.A)