2389617 – (CVE-2025-9176) CVE-2025-9176 shc: neurobin shc os command injection

Bug 2389617 (CVE-2025-9176) - CVE-2025-9176 shc: neurobin shc os command injection

Summary: CVE-2025-9176 shc: neurobin shc os command injection

Keywords:
Status:	NEW
Alias:	CVE-2025-9176
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2389875 2389878 2389881 2389883
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-20 00:01 UTC by OSIDB Bzimport
Modified:	2025-08-20 20:47 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-20 00:01:17 UTC

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Note You need to log in before you can comment on or make changes to this bug.