CVE-2025-47902 | THREATINT

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.

PUBLISHED Reserved 2025-05-13 | Published 2025-10-20 | Updated 2025-10-21 | Assigner Microchip

HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

Any version before 2.5

affected

Timeline

2025-04-15:

Reported

Credits

Dario Emilio Bertani finder

Raffaele Bova finder

Andrea Sindoni finder

Simone Bossi finder

Antonio Carriero finder

Marco Manieri finder

Vito Pistillo finder

Davide Renna finder

Manuel Leone finder

Massimiliano Brolli finder

TIM Security Red Team Research (TIM S.p.A) reporter

References

www.microchip.com/...ster-remote-sql-command-injection-47902 vendor-advisory

cve.org (CVE-2025-47902)

nvd.nist.gov (CVE-2025-47902)

Download JSON