{"id":45381,"date":"2026-04-14T16:17:35","date_gmt":"2026-04-14T08:17:35","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/14\/showdoc-rce-flaw-cve-2025-0520-actively-exploited-on-unpatched-servers\/"},"modified":"2026-04-14T16:17:35","modified_gmt":"2026-04-14T08:17:35","slug":"showdoc-rce-flaw-cve-2025-0520-actively-exploited-on-unpatched-servers","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/14\/showdoc-rce-flaw-cve-2025-0520-actively-exploited-on-unpatched-servers\/","title":{"rendered":"ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers"},"content":{"rendered":"<div style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjthzbWdOOZKL2JKvluG78cobCs7bGxvHsfzSMHt4XgX1OO9h-r7W_dlYCCDrCoKo2dAXhh264NTGUrFKBpM8pv0WcePn5gUp1atSJ4-iC4_wr0jmo7nDZ46JYCs8P_5DLs5RcHi81-L7Wiw35cLHNWqCPe50LJ1a3tqfxwfB3S3ufQjYQfUrfRDwMo1BYE\/s1600\/showdoc.jpg\" style=\"display: block; padding: 1em 0; text-align: center; clear: left; float: left;\"><img decoding=\"async\" border=\"0\" data-original-height=\"470\" data-original-width=\"900\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjthzbWdOOZKL2JKvluG78cobCs7bGxvHsfzSMHt4XgX1OO9h-r7W_dlYCCDrCoKo2dAXhh264NTGUrFKBpM8pv0WcePn5gUp1atSJ4-iC4_wr0jmo7nDZ46JYCs8P_5DLs5RcHi81-L7Wiw35cLHNWqCPe50LJ1a3tqfxwfB3S3ufQjYQfUrfRDwMo1BYE\/s1600\/showdoc.jpg\" alt=\"ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers\"\/><\/a><\/div>\n<p>A critical security vulnerability&nbsp;impacting <a href=\"https:\/\/www.showdoc.com.cn\/help-en\/16882\">ShowDoc<\/a>, a document management and collaboration service popular in China, has come under active exploitation in the&nbsp;wild.<\/p>\n<p>The vulnerability in question&nbsp;is <strong><a href=\"https:\/\/github.com\/advisories\/GHSA-6jmr-r7p6-f5wr\">CVE-2025-0520<\/a><\/strong> (aka CNVD-2020-26585), which carries a CVSS score of 9.4&nbsp;out 
of&nbsp;10.0.<\/p>\n<p>It relates to a case of unrestricted file upload that stems from improper validation of file extension, allowing an attacker to upload arbitrary PHP files and achieve remote code execution.<\/p>\n<p>&#8220;[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is&nbsp;found and&nbsp;[an]&nbsp;attacker is able&nbsp;to upload a web shell and execute arbitrary code&nbsp;on server,&#8221; according to an&nbsp;advisory <a href=\"https:\/\/github.com\/vulhub\/vulhub\/tree\/master\/showdoc\/CNVD-2020-26585\">released<\/a> by&nbsp;Vulhub.&nbsp;<\/p>\n<p>The vulnerability was addressed in&nbsp;ShowDoc <a href=\"https:\/\/github.com\/star7th\/showdoc\/releases\/tag\/v2.8.7\">version&nbsp;2.8.7<\/a>, which was shipped in October 2020. The&nbsp;current version of the software&nbsp;is <a href=\"https:\/\/github.com\/star7th\/showdoc\/releases\/tag\/v3.8.1\">3.8.1<\/a>.<\/p>\n<p>According&nbsp;to <a href=\"https:\/\/www.linkedin.com\/posts\/ccondon_kev-share-7448763057851314176-KaIi\/\">new&nbsp;details<\/a> shared by Caitlin Condon, vice president of security research at VulnCheck, CVE-2025-0520 has come under active exploitation for the first&nbsp;time.<\/p>\n<p>The observed exploit involves leveraging the flaw to drop a web shell on a U.S.-based honeypot running a vulnerable version of ShowDoc. Data&nbsp;shared by the company shows that there are more than 2,000 instances of ShowDoc online, most of which are located in&nbsp;China.<\/p>\n<p>The development is the latest example of how threat actors are increasingly exploiting N-day security vulnerabilities, regardless of their install base. Users&nbsp;who are running ShowDoc are advised to update to the latest version for optimal protection.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical security vulnerability&nbsp;impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the&nbsp;wild.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-45381","post","type-post","status-publish","format-standard","hentry","category-thehackernews"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=45381"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45381\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=45381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=45381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2
\/tags?post=45381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}