{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9497", "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "state": "PUBLISHED", "assignerShortName": "Microchip", "dateReserved": "2025-08-26T17:59:09.578Z", "datePublished": "2026-03-28T10:58:29.620Z", "dateUpdated": "2026-04-01T13:55:03.527Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "shortName": "Microchip", "dateUpdated": "2026-03-31T15:52:21.770Z"}, "title": "Hardcoded Upgrade Decryption Passwords", "datePublic": "2026-03-28T07:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-533", "descriptions": [{"lang": "en", "value": "CAPEC-533 Malicious Manual Software Update"}]}], "affected": [{"vendor": "Microchip", "product": "Time Provider 4100", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.<p>This issue affects Time Provider 4100: before 2.5.0.</p>"}]}], "references": [{"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-hardcoded-upgrade-decryption-passwords", "tags": ["vendor-advisory"]}, {"url": "https://www.gruppotim.it/en/footer/TIM-red-team.html", "tags": ["technical-description"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "LOW", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P"}}], "configurations": [{"lang": "en", "value": "User knowledge of the decryption passwords and upgrade package structure.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "User knowledge of the decryption passwords and upgrade package structure.<br>"}]}], "workarounds": [{"lang": "en", "value": "Upgrades are only available on a separate management port which \nshould not be connected to an untrusted network. ACLs are available to \nfurther restrict access to only trusted addresses.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><div>\n</div>\n\n \n</div>\n \n <div>\n <div>\n <div>\n <div><div>\n\n <p>Upgrades are only available on a separate management port which \nshould not be connected to an untrusted network. ACLs are available to \nfurther restrict access to only trusted addresses.</p>\n\n</div></div></div></div></div>"}]}], "credits": [{"lang": "en", "value": "Dario Emilio Bertani", "type": "finder"}, {"lang": "en", "value": "Raffaele Bova", "type": "finder"}, {"lang": "en", "value": "Andrea Sindoni", "type": "finder"}, {"lang": "en", "value": "Simone Bossi", "type": "finder"}, {"lang": "en", "value": "Antonio Carriero", "type": "finder"}, {"lang": "en", "value": "Marco Manieri", "type": "finder"}, {"lang": "en", "value": "Vito Pistillo", "type": "finder"}, {"lang": "en", "value": "Davide Renna", "type": "finder"}, {"lang": "en", "value": "Manuel Leone", "type": "finder"}, {"lang": "en", "value": "Massimiliano Brolli", "type": "finder"}, {"lang": "en", "value": "TIM Security Red Team Research (TIM S.p.A)", "type": "reporter"}], "source": {"advisory": "PSIRT-104", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:54:38.708217Z", "id": "CVE-2025-9497", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:55:03.527Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-9497", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T13:54:38.708217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:54:57.440Z"}}], "cna": {"title": "Hardcoded Upgrade Decryption Passwords", "source": {"advisory": "PSIRT-104", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Dario Emilio Bertani"}, {"lang": "en", "type": "finder", "value": "Raffaele Bova"}, {"lang": "en", "type": "finder", "value": "Andrea Sindoni"}, {"lang": "en", "type": "finder", "value": "Simone Bossi"}, {"lang": "en", "type": "finder", "value": "Antonio Carriero"}, {"lang": "en", "type": "finder", "value": "Marco Manieri"}, {"lang": "en", "type": "finder", "value": "Vito Pistillo"}, {"lang": "en", "type": "finder", "value": "Davide Renna"}, {"lang": "en", "type": "finder", "value": "Manuel Leone"}, {"lang": "en", "type": "finder", "value": "Massimiliano Brolli"}, {"lang": "en", "type": "reporter", "value": "TIM Security Red Team Research (TIM S.p.A)"}], "impacts": [{"capecId": "CAPEC-533", "descriptions": [{"lang": "en", "value": "CAPEC-533 Malicious Manual Software Update"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Microchip", "product": "Time Provider 4100", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-28T07:00:00.000Z", "references": [{"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-hardcoded-upgrade-decryption-passwords", "tags": ["vendor-advisory"]}, {"url": "https://www.gruppotim.it/en/footer/TIM-red-team.html", "tags": ["technical-description"]}], "workarounds": [{"lang": "en", "value": "Upgrades are only available on a separate management port which \nshould not be connected to an untrusted network. ACLs are available to \nfurther restrict access to only trusted addresses.", "supportingMedia": [{"type": "text/html", "value": "<div><div>\n</div>\n\n \n</div>\n \n <div>\n <div>\n <div>\n <div><div>\n\n <p>Upgrades are only available on a separate management port which \nshould not be connected to an untrusted network. ACLs are available to \nfurther restrict access to only trusted addresses.</p>\n\n</div></div></div></div></div>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.", "supportingMedia": [{"type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.<p>This issue affects Time Provider 4100: before 2.5.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials"}]}], "configurations": [{"lang": "en", "value": "User knowledge of the decryption passwords and upgrade package structure.", "supportingMedia": [{"type": "text/html", "value": "User knowledge of the decryption passwords and upgrade package structure.<br>", "base64": false}]}], "providerMetadata": {"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "shortName": "Microchip", "dateUpdated": "2026-03-31T15:52:21.770Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9497", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:55:03.527Z", "dateReserved": "2025-08-26T17:59:09.578Z", "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "datePublished": "2026-03-28T10:58:29.620Z", "assignerShortName": "Microchip"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0."}, {"lang": "es", "value": "Vulnerabilidad de uso de credenciales codificadas en Microchip Time Provider 4100 permite una actualizaci\u00f3n de software manual maliciosa. Este problema afecta a Time Provider 4100: antes de 2.5.0."}], "id": "CVE-2025-9497", "lastModified": "2026-04-01T14:16:25.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "type": "Secondary"}]}, "published": "2026-03-28T11:16:35.337", "references": [{"source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "url": "https://www.gruppotim.it/en/footer/TIM-red-team.html"}, {"source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-hardcoded-upgrade-decryption-passwords"}], "sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.0)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Time Provider 4100", "source": "cna", "vendor": "Microchip"}, "product": "timeprovider_4100", "vendor": "microchip"}], "analysis": {"en": {"generated_at": "2026-03-28T12:21:07.431483+00:00", "value": {"mitigation_remediation": ["Update the device to firmware version 2.5.0 or later, which removes the hard\u2011coded decryption passwords.", "If an update is not possible, isolate the upgrade management port so it is not reachable from untrusted networks.", "Configure ACLs on the management port to allow connections only from trusted IP addresses.", "Verify that the device is running the patched firmware version before performing any further operations.", "Contact Microchip for additional guidance if the device cannot be upgraded or reconfigured."], "summary": {"action": "Apply patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Microchip Time Provider 4100 devices running firmware versions earlier than 2.5.0; newer releases contain the fix.", "description_and_impact": "Microchip Time Provider 4100 firmware before version 2.5.0 uses hard\u2011coded passwords to decrypt upgrade images, allowing a malicious actor to craft a forged update that will be accepted and installed by the device. This flaw could lead to arbitrary code execution, data tampering, or denial of service on the compromised hardware. The weakness is categorized as CWE\u2011798 (Use of Hard\u2011coded Credentials).", "risk_and_exploitability": "The CVSS score of 5.5 reflects moderate severity, and no EPSS value is available. The flaw is not listed in the CISA KEV catalog. Exploitation requires access to the device\u2019s upgrade interface, which operates over a separate management port. If that port is exposed to an untrusted network, an attacker can hijack the upgrade flow and push malicious firmware. When restricted to a trusted environment and protected by ACLs, the risk is greatly reduced, but the fundamental vulnerability remains until the firmware is updated."}}}}, "created": "2026-03-29T20:32:36.093763+00:00", "updated": "2026-03-30T06:59:44.954828+00:00", "vendors": ["microchip", "microchip$PRODUCT$timeprovider_4100"]}