CVE-2025-47902 HIGH

CVE-2025-47902: SQL Injection in web resource

Vendor Microchip

Product Time Provider 4100

Weakness CWE-89 · SQLi

Published October 20, 2025

Last update March 31, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.

Key dates

02Disclosure timeline

October 20, 2025 CVE published

March 31, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-47902

Related vulnerabilities

04Related CVE

CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection CVE-2024-12360 code-projects Online Class and Exam Scheduling System class_update.php sql injection CVE-2025-4510 Changjietong UFIDA CRM optntyday.php sql injection CVE-2023-3458 SourceCodester Shopping Website forgot-password.php sql injection CVE-2023-1040 SourceCodester Online Graduate Tracer System add_acc.php sql injection