CVE-2025-47900
BaseFortify
Publication date: 2025-10-20
Last updated on: 2026-03-31
Assigner: Microchip Technology
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microchip | timeprovider_4100_firmware | up to 2.5 (exclusive) |
| microchip | timeprovider_4100 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection in Microchip Time Provider 4100 devices before version 2.5. It occurs due to improper neutralization of special elements used in OS commands, allowing an attacker to inject and execute arbitrary operating system commands remotely.
How can this vulnerability impact me?
The vulnerability can allow an attacker with low privileges and network access to execute arbitrary OS commands with high impact on confidentiality, integrity, and availability of the affected system. This could lead to unauthorized control, data compromise, or disruption of the Time Provider 4100 device's operation.