CVE-2025-47901 HIGH

CVE-2025-47901: RCE on restore configuration password

Vendor Microchip

Product Time Provider 4100

Weakness CWE-78

Published October 20, 2025

Last update March 31, 2026

View on NVD All CVEs

CVSS base score

8.9/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

Key dates

02Disclosure timeline

October 20, 2025 CVE published

March 31, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-47901

Related vulnerabilities

04Related CVE

CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection CVE-2022-34447 CVE-2021-36011 Adobe Illustrator improper neutralization of special elements used in an OS command CVE-2020-25859 CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command