Skip to main content
CVE-2025-47901 HIGH This Week

OS command injection in Microchip TimeProvider 4100 Grandmaster (firmware versions before 2.5) allows authenticated attackers on adjacent networks to execute arbitrary system commands with high privileges, leading to complete device compromise. The vulnerability requires low attack complexity and low privileges, with exploitation probability at 0.28% (EPSS), indicating moderate real-world risk. No public exploit identified at time of analysis, but the adjacent network requirement and low complexity make this readily exploitable in targeted attacks against time synchronization infrastructure.

Command Injection Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-47900 HIGH This Week

OS command injection in Microchip TimeProvider 4100 Grandmaster allows authenticated adjacent network attackers to execute arbitrary system commands with elevated privileges on firmware versions prior to 2.5. The vulnerability requires low attack complexity and low privileges, enabling complete compromise of device confidentiality, integrity, and availability. EPSS exploitation probability is low (0.28%, 51st percentile) with no public exploit identified at time of analysis, though the straightforward attack vector presents significant risk to network time infrastructure in enterprise environments.

Command Injection Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-56224 HIGH This Week

Authentication bypass in Ascertia SigningHub v8.6.8 lets remote unauthenticated attackers brute-force the One-Time Password (OTP) verification endpoint because it enforces no rate limiting, allowing them to defeat the second verification factor and gain access to signing accounts. The flaw is tagged as an Authentication Bypass and carries a high CVSS of 8.1, though the AC:H metric reflects that success depends on iterating through the OTP keyspace. No CISA KEV listing exists and EPSS is modest (0.46%, 37th percentile), indicating no confirmed active exploitation, but a CVE-named public GitHub repository referenced by NVD suggests exploit details may be circulating.

Authentication Bypass Signinghub
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-56223 HIGH This Week

Denial of service in Ascertia SigningHub v8.6.8 stems from a missing rate limit on the /Home/UploadStreamDocument endpoint, letting attackers flood the server with an excessive number of file uploads until resources are exhausted and the e-signature service becomes unavailable. The CVSS vector marks it network-reachable and unauthenticated (PR:N) with high availability impact but no confidentiality or integrity effect. A GitHub repository (saykino/CVE-2025-56223) associated with the CVE indicates publicly available exploit code exists; the flaw is not in CISA KEV and EPSS exploitation probability is modest at 0.54%.

Denial Of Service Signinghub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-61301 HIGH This Week

Denial-of-analysis in CAPEv2, the open-source malware analysis sandbox, lets anyone able to submit a sample sabotage the platform's own reporting pipeline. A crafted sample that emits deeply nested or oversized behavior data trips MongoDB BSON size limits or orjson recursion errors in reporting/mongodb.py and reporting/jsondump.py, causing the behavioral report to be truncated or dropped entirely. Rated CVSS 7.5 (availability-only); EPSS is modest at 0.39% (31st percentile) and there is no public exploit identified at time of analysis, though the vector is trivial for anyone who can run a sample.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-56219 HIGH This Week

Uncontrolled account creation in Ascertia SigningHub v8.6.8 allows an attacker to repeatedly add user accounts with no rate limiting, driving resource exhaustion and a denial-of-service condition on the e-signature platform. The flaw stems from improper access control (CWE-284) around the account-provisioning function and is exploitable over the network by a low-privileged actor per the CVSS vector (PR:L). Publicly available exploit code exists (GitHub saykino/CVE-2025-56219), but there is no confirmed active exploitation and EPSS remains low at 0.37% (29th percentile).

Authentication Bypass Denial Of Service Signinghub
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2025-47902 HIGH This Week

SQL injection in Microchip TimeProvider 4100 Grandmaster (firmware <2.5) allows adjacent network attackers with low-level privileges to achieve high integrity and availability impact across system and vulnerable components. EPSS exploitation probability is low (0.03%, 9th percentile) with no public exploit identified at time of analysis. Authentication requirements indicate PR:L (low privileges required) per CVSS vector. Attack complexity is low but requires present attack timing conditions (AT:P).

SQLi Timeprovider 4100 Firmware
NVD
CVSS 4.0
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy