neurobin shc Environment Variable shc.c make os command injection

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-9176

Source VulDB

Published Aug 19, 2025 at 23:32

Affected Product

Vendor neurobin

Product shc

Version 4.0.0

Affected Versions neurobin shc 4.0.0
neurobin shc 4.0.1
neurobin shc 4.0.2
neurobin shc 4.0.3

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.",
    "published": "2025-08-19T23:32:07.022Z",
    "modified": "2025-08-19T23:32:07.022Z",
    "type": "cve",
    "title": "neurobin shc Environment Variable shc.c make os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320557\nhttps://vuldb.com/?ctiid.320557\nhttps://vuldb.com/?submit.630744\nhttps://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01",
    "id": "CVE-2025-9176",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "neurobin shc 4.0.0\nneurobin shc 4.0.1\nneurobin shc 4.0.2\nneurobin shc 4.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "shc",
    "version": "4.0.0",
    "vendor": "neurobin",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

neurobin shc Environment Variable shc.c make os command injection_CVE-2025-9176