Description

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update. This issue affects Time Provider 4100: before 2.5.0.

PUBLISHED Reserved 2025-08-26 | Published 2026-03-28 | Updated 2026-04-01 | Assigner Microchip




MEDIUM: 5.5

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P

Problem types

CWE-798: Use of Hard-coded Credentials

Product status

Default status: unknown

Any version before 2.5.0: affected

Credits

Dario Emilio Bertani finder

Raffaele Bova finder

Andrea Sindoni finder

Simone Bossi finder

Antonio Carriero finder

Marco Manieri finder

Vito Pistillo finder

Davide Renna finder

Manuel Leone finder

Massimiliano Brolli finder

TIM Security Red Team Research (TIM S.p.A) reporter

References

www.microchip.com/...-hardcoded-upgrade-decryption-passwords vendor-advisory

www.gruppotim.it/en/footer/TIM-red-team.html technical-description

cve.org (CVE-2025-9497)

nvd.nist.gov (CVE-2025-9497)
