CVE-2025-9497 — Joshua Nichols

Description

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.

References

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-hardcoded-upgrade-decryption-passwords

Published: Mar 28, 2026 11:16 UTC Modified: Mar 28, 2026 11:16 UTC