CVE-2025-9174
Published: 19 August 2025
Summary
CVE-2025-9174 is a low-severity Command Injection (CWE-77) vulnerability in Neurobin Shc. Its CVSS base score is 1.9 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25251
Vulnerability details
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally.…
more
The exploit has been publicly disclosed and may be utilized.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The OS command injection vulnerability in neurobin shc's make function (src/shc.c) via manipulated filenames enables indirect command execution (T1202) through the tool's system() call and Unix shell execution (T1059.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.