CVE-2025-47904 | THREATINT

Description

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

PUBLISHED Reserved 2025-05-13 | Published 2026-02-24 | Updated 2026-02-24 | Assigner Microchip

MEDIUM: 5.7CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L

Problem types

CWE-494 Download of Code Without Integrity Check

Product status

Default status

unaffected

Any version before 2.5

affected

Timeline

2025-04-14:

Reported

Credits

Dario Emilio Bertani finder

Raffaele Bova finder

Andrea Sindoni finder

Simone Bossi finder

Antonio Carriero finder

Marco Manieri finder

Vito Pistillo finder

Davide Renna finder

Manuel Leone finder

Massimiliano Brolli finder

TIM Security Red Team Research (TIM S.p.A) reporter

References

www.microchip.com/...der-4100-unsigned-upgrade-vulnerability vendor-advisory

cve.org (CVE-2025-47904)

nvd.nist.gov (CVE-2025-47904)

Download JSON