CVE-2025-9176

MEDIUM

neurobin shc <4.0.3 - Command Injection

Title source: llm

Description

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.320557

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.320557

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.630744

Broken Link exploit

https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01

Scores

CVSS v3 5.3

EPSS 0.0134

EPSS Percentile 67.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-77 CWE-78

Status published

Products (1)

neurobin/shc < 4.0.3

Published Aug 20, 2025

Tracked Since Feb 18, 2026