Login Sign Up

CVE-2025-9176

5.3 MEDIUM

📋 TL;DR

This CVE describes a command injection vulnerability in neurobin shc versions up to 4.0.3. Attackers with local access can execute arbitrary operating system commands by manipulating environment variables during the compilation process. This affects systems where shc is installed and used to compile shell scripts.

💻 Affected Systems

Products:
  • neurobin shc
Versions: up to and including 4.0.3
Operating Systems: All operating systems where shc is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Environment Variable Handler component when using the 'make' function. Only exploitable when shc is actively used to compile scripts.

📦 What is this software?

Shc by Neurobin

View all CVEs affecting Shc →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, data theft, or lateral movement within the network.

🟠

Likely Case

Local user gains unauthorized command execution, potentially accessing sensitive files or modifying system configurations.

🟢

If Mitigated

Limited impact due to proper access controls, but still allows unauthorized command execution within user's privilege level.

🌐 Internet-Facing: LOW - Attack requires local access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local access requirement reduces risk, but internal attackers or compromised accounts could exploit it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details have been publicly released. Attack requires local access and knowledge of how to manipulate environment variables during shc compilation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.4 or later

Vendor Advisory: https://github.com/neurobin/shc/releases

Restart Required: No

Instructions:

1. Check current version with 'shc --version'. 2. Update to version 4.0.4 or later via package manager or compile from source. 3. Verify update with 'shc --version'.

🔧 Temporary Workarounds

Restrict shc usage

all

Limit use of shc to trusted users only and monitor for suspicious compilation activities.

🧯 If You Can't Patch

  • Remove or disable shc from production systems if not essential
  • Implement strict access controls and monitor for unauthorized shc usage

🔍 How to Verify

Check if Vulnerable:

Run 'shc --version' and check if version is 4.0.3 or earlier.

Check Version:

shc --version

Verify Fix Applied:

After updating, run 'shc --version' to confirm version is 4.0.4 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unusual shc compilation activities
  • Suspicious environment variable manipulation during compilation

Network Indicators:

  • N/A - local exploitation only

SIEM Query:

Process execution logs showing shc with unusual arguments or environment variables

📊 Metadata

CVE ID: CVE-2025-9176
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-77
EPSS Score: 0.05% exploit probability (14.7th percentile)
Published: August 20, 2025
Last Updated: September 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9176, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)