CVE-2025-47900 | THREATINT

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

PUBLISHED Reserved 2025-05-13 | Published 2025-10-20 | Updated 2025-10-20 | Assigner Microchip

HIGH: 8.9CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

Any version before 2.5

affected

Credits

Dario Emilio Bertani finder

Raffaele Bova finder

Andrea Sindoni finder

Simone Bossi finder

Antonio Carriero finder

Marco Manieri finder

Vito Pistillo finder

Davide Renna finder

Manuel Leone finder

Massimiliano Brolli finder

TIM Security Red Team Research (TIM S.p.A) reporter

References

www.microchip.com/...00-grandmaster-remote-command-execution vendor-advisory

cve.org (CVE-2025-47900)

nvd.nist.gov (CVE-2025-47900)

Download JSON