Microchip Time Provider 4100 Allows Malicious Software Updates

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.7

Microchip Time Provider 4100 Allows Malicious Software Updates

CVE-2025-47904

Summary

A weakness in the Time Provider 4100 allows an attacker to download and install malicious software updates, which can compromise the security and integrity of the system. This is a serious issue because it allows an attacker to gain control of the device. Affected users should update to version 2.5 or later to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microchip	timeprovider_4100_firmware	<= 2.5	–

Original title

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

Original description

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

nvd CVSS3.1 4.1

nvd CVSS4.0 5.7

Vulnerability type

CWE-494

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-... Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026