CVE-2025-47904

MEDIUM

Microchip Time Provider 4100 <2.5 - Code Injection

Title source: llm

Description

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

References (2)

Core 2

Core References

Technical Description technical-description

https://www.gruppotim.it/en/footer/TIM-red-team.html

Various Sources vendor-advisory

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-unsigned-upgrade-vulnerability

Scores

CVSS v3 4.1

EPSS 0.0008

EPSS Percentile 0.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-494

Status published

Products (2)

Microchip/Time Provider 4100 < 2.5

microchip/timeprovider_4100_firmware < 2.5

Published Feb 24, 2026

Tracked Since Feb 24, 2026