CVE-2025-47904

Sažetak

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

Reference

https://www.gruppotim.it/en/footer/TIM-red-team.html
https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-unsigned-upgrade-vulnerability

CVSS

Base:	4.1
Impact:	3.6
Exploitability:	0.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

31-03-2026 - 11:16

Objavljeno

24-02-2026 - 16:24