CVE-2025-9174

A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Common Weakness Enumeration
References
https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96
https://vuldb.com/?ctiid.320555
https://vuldb.com/?id.320555
https://vuldb.com/?submit.630742
https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96