Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47900

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

Published

2025-10-20T18:15:38.440

Last Modified

2025-10-28T15:29:13.490

Status

Analyzed

Source

dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microchip	timeprovider_4100_firmware	< 2.5	Yes
Hardware	microchip	timeprovider_4100	-	No

References

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution Vendor Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)