CVE-2025-47900 - Vulnerability Details - OpenCVE

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Microchip	Timeprovider 4100

No data.

No data.

References

Link	Providers
https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution

History

Tue, 21 Oct 2025 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microchip Microchip timeprovider 4100
Vendors & Products		Microchip Microchip timeprovider 4100

Mon, 20 Oct 2025 20:00:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 20 Oct 2025 18:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
Title		RCE on backup configuration password
Weaknesses		CWE-78
References		https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution
Metrics		cvssV4_0 `{'score': 8.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: Microchip

Published: 2025-10-20T17:43:33.890Z

Updated: 2025-10-20T18:02:36.954Z

Reserved: 2025-05-13T19:24:53.452Z

Link: CVE-2025-47900

Vulnrichment

Updated: 2025-10-20T18:01:41.115Z

NVD

Status : Awaiting Analysis

Published: 2025-10-20T18:15:38.440

Modified: 2025-10-21T19:31:25.450

Link: CVE-2025-47900

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47900", "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "state": "PUBLISHED", "assignerShortName": "Microchip", "dateReserved": "2025-05-13T19:24:53.452Z", "datePublished": "2025-10-20T17:43:33.890Z", "dateUpdated": "2025-10-20T18:02:36.954Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Time Provider 4100", "vendor": "Microchip", "versions": [{"lessThan": "2.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated user with access to the web interface on a separate management port."}], "value": "An authenticated user with access to the web interface on a separate management port."}], "credits": [{"lang": "en", "type": "finder", "value": "Dario Emilio Bertani"}, {"lang": "en", "type": "finder", "value": "Raffaele Bova"}, {"lang": "en", "type": "finder", "value": "Andrea Sindoni"}, {"lang": "en", "type": "finder", "value": "Simone Bossi"}, {"lang": "en", "type": "finder", "value": "Antonio Carriero"}, {"lang": "en", "type": "finder", "value": "Marco Manieri"}, {"lang": "en", "type": "finder", "value": "Vito Pistillo"}, {"lang": "en", "type": "finder", "value": "Davide Renna"}, {"lang": "en", "type": "finder", "value": "Manuel Leone"}, {"lang": "en", "type": "finder", "value": "Massimiliano Brolli"}, {"lang": "en", "type": "reporter", "value": "TIM Security Red Team Research (TIM S.p.A)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.<p>This issue affects Time Provider 4100: before 2.5.</p>"}], "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 8.9, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "shortName": "Microchip", "dateUpdated": "2025-10-20T17:43:33.890Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution"}], "source": {"advisory": "PSIRT-101", "discovery": "UNKNOWN"}, "title": "RCE on backup configuration password", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."}], "value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-20T18:01:10.599374Z", "id": "CVE-2025-47900", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T18:02:36.954Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47900", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-20T18:01:10.599374Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T18:01:41.115Z"}}], "cna": {"title": "RCE on backup configuration password", "source": {"advisory": "PSIRT-101", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dario Emilio Bertani"}, {"lang": "en", "type": "finder", "value": "Raffaele Bova"}, {"lang": "en", "type": "finder", "value": "Andrea Sindoni"}, {"lang": "en", "type": "finder", "value": "Simone Bossi"}, {"lang": "en", "type": "finder", "value": "Antonio Carriero"}, {"lang": "en", "type": "finder", "value": "Marco Manieri"}, {"lang": "en", "type": "finder", "value": "Vito Pistillo"}, {"lang": "en", "type": "finder", "value": "Davide Renna"}, {"lang": "en", "type": "finder", "value": "Manuel Leone"}, {"lang": "en", "type": "finder", "value": "Massimiliano Brolli"}, {"lang": "en", "type": "reporter", "value": "TIM Security Red Team Research (TIM S.p.A)"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Microchip", "product": "Time Provider 4100", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations.", "supportingMedia": [{"type": "text/html", "value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.<p>This issue affects Time Provider 4100: before 2.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "configurations": [{"lang": "en", "value": "An authenticated user with access to the web interface on a separate management port.", "supportingMedia": [{"type": "text/html", "value": "An authenticated user with access to the web interface on a separate management port.", "base64": false}]}], "providerMetadata": {"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "shortName": "Microchip", "dateUpdated": "2025-10-20T17:43:33.890Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47900", "state": "PUBLISHED", "dateUpdated": "2025-10-20T18:02:36.954Z", "dateReserved": "2025-05-13T19:24:53.452Z", "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "datePublished": "2025-10-20T17:43:33.890Z", "assignerShortName": "Microchip"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5."}], "id": "CVE-2025-47900", "lastModified": "2025-10-21T19:31:25.450", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "type": "Secondary"}]}, "published": "2025-10-20T18:15:38.440", "references": [{"source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution"}], "sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "type": "Secondary"}]}