CVE-2025-9497

CRITICAL 9.8

Hardcoded Upgrade Decryption Passwords

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.

CWE	CWE-798
Vendor	microchip
Product	time provider 4100
Published	Mar 28, 2026
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for microchip time provider 4100

Be the first to know when new critical vulnerabilities affecting microchip time provider 4100 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Microchip / Time Provider 4100

0 < 2.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

microchip.com: https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-hardcoded-upgrade-decryption-passwords gruppotim.it: https://www.gruppotim.it/en/footer/TIM-red-team.html

Credits

Dario Emilio Bertani Raffaele Bova Andrea Sindoni Simone Bossi Antonio Carriero Marco Manieri Vito Pistillo Davide Renna Manuel Leone Massimiliano Brolli 🔍 TIM Security Red Team Research (TIM S.p.A)