CVE-2025-47901

Summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

Affected Software

VendorProductVersion RangeStatus
MicrochipTime Provider 41000 < 2.5affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Workarounds

Do not expose the web interface on the separate management port to an untrusted network. For added security, users have the option to disable the web interface, further protecting the device from potential web-based exploitations.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References