{“lastseen”:”2026-04-14T06:07:06″,”description”:”\\n\\nA critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.\\n\\nThe vulnerability in question is **CVE-2025-0520** (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.\\n\\nIt relates to a case of unrestricted file upload that stems from improper validation of file extension, allowing an attacker to upload arbitrary PHP files and achieve remote code execution.\\n\\n\\”[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server,\\” according to an advisory released by Vulhub. \\n\\nThe vulnerability was addressed in ShowDoc version 2.8.7, which was shipped in October 2020. The current version of the software is 3.8.1.\\n\\nAccording to new details shared by Caitlin Condon, vice president of security research at VulnCheck, CVE-2025-0520 has come under active exploitation for the first time.\\n\\nThe observed exploit involves leveraging the flaw to drop a web shell on a U.S.-based honeypot running a vulnerable version of ShowDoc. Data shared by the company shows that there are more than 2,000 instances of ShowDoc online, most of which are located in China.\\n\\nThe development is the latest example of how threat actors are increasingly exploiting N-day security vulnerabilities, regardless of their install base. Users who are running ShowDoc are advised to update to the latest version for optimal protection.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-04-14T05:50:00″,”modified”:”2026-04-14T05:50:21″,”type”:”thn”,”title”:”ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers”,”source”:””,”references”:””,”id”:”THN:92BAA836019A833376AB01BCA9CF2823″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-0520″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.4,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/SC:H\/VI:H\/SI:H\/VA:L\/SA:L”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/04\/showdoc-rce-flaw-cve-2025-0520-actively.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-14T06:07:06″,”description”:”\\n\\nA critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.\\n\\nThe vulnerability in…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,131,12,13,7,11,43,5],"class_list":["post-46597","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-94","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n