{"id":"CVE-2025-9174","details":"A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.","modified":"2026-04-10T05:37:44.777360Z","published":"2025-08-19T23:15:28.873Z","references":[{"type":"WEB","url":"https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96"},{"type":"ADVISORY","url":"https://vuldb.com/?id.320555"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.630742"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.320555"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/neurobin/shc","events":[{"introduced":"0"},{"last_affected":"7e5b6be461fb29a2e9ada116b00eadcc4d5b9b1b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.3"}]}}],"versions":["3.9.1","3.9.3a4","3.9.4","3.9.6","3.9.8","4.0.0","4.0.1","4.0.2","4.0.3","shc-3.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9174.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}