CVE-2025-9174

5.3 MEDIUM

📋 TL;DR

This vulnerability in neurobin shc up to version 4.0.3 allows local command injection through the filename handler component. Attackers with local access can execute arbitrary operating system commands by manipulating filenames. Only systems running vulnerable versions of shc are affected.

💻 Affected Systems

Products:
  • neurobin shc
Versions: up to 4.0.3
Operating Systems: All platforms where shc is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when processing manipulated filenames

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, data theft, or lateral movement within the network

🟠 Likely Case

Local user gains unauthorized command execution, potentially accessing sensitive files or modifying system configurations

🟢 If Mitigated

Limited impact due to proper access controls and monitoring preventing successful exploitation

🌐 Internet-Facing: LOW - Attack requires local access, cannot be exploited remotely
🏢 Internal Only: MEDIUM - Local attackers or compromised accounts could exploit this, but requires specific conditions

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and knowledge of vulnerable shc usage patterns

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.4 or later

Vendor Advisory: https://github.com/neurobin/shc

Restart Required: No

Instructions:

1. Check current version with 'shc --version'
2. Update via package manager or compile from source
3. Verify update with 'shc --version' showing 4.0.4+

🔧 Temporary Workarounds

Restrict shc usage

all

Limit shc execution to trusted users only

chmod 750 /usr/local/bin/shc
setfacl -m u:trusteduser:rx /usr/local/bin/shc

Input validation wrapper

all

Create wrapper script that validates filenames before passing to shc

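#!/bin/bash
# Reject any argument that contains shell metacharacters before invoking shc.
# The pattern is kept in a variable: ; & | and ` cannot appear unquoted inside [[ ]].
meta='[;&|`$\\]'
for arg in "$@"; do
    if [[ "$arg" =~ $meta ]]; then
        echo "Invalid filename" >&2
        exit 1
    fi
done
/usr/local/bin/shc "$@"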

🧯 If You Can't Patch

  • Remove shc from production systems if not essential
  • Implement strict file permission controls and monitor shc usage

🔍 How to Verify

Check if Vulnerable:

Run 'shc --version' and check if version is 4.0.3 or earlier

Check Version:

shc --version

Verify Fix Applied:

Confirm version is 4.0.4 or later with 'shc --version'

📡 Detection & Monitoring

Log Indicators:

  • Unusual shc process execution patterns
  • Shell commands executed from shc with suspicious arguments

Network Indicators:

  • N/A - local vulnerability only

SIEM Query:

process.name:"shc" AND process.args:*[;&|`$\\]*
