{"id":585,"date":"2026-04-14T06:47:20","date_gmt":"2026-04-14T06:47:20","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=585"},"modified":"2026-04-14T06:47:20","modified_gmt":"2026-04-14T06:47:20","slug":"showdoc-rce-flaw-cve-2025-0520-actively-exploited-on-unpatched-servers","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=585","title":{"rendered":"ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 14, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>A critical security vulnerability\u00a0impacting <a href=\"https:\/\/www.showdoc.com.cn\/help-en\/16882\">ShowDoc<\/a>, a document management and collaboration service popular in China, has come under active exploitation in the\u00a0wild.<\/p>\n<p>The vulnerability in question\u00a0is <strong><a href=\"https:\/\/github.com\/advisories\/GHSA-6jmr-r7p6-f5wr\">CVE-2025-0520<\/a><\/strong> (aka CNVD-2020-26585), which carries a CVSS score of 9.4\u00a0out of\u00a010.0.<\/p>\n<p>It relates to a case of unrestricted file upload that stems from improper validation of file extension, allowing an attacker to upload arbitrary PHP files and achieve remote code execution.<\/p>\n<p>\u00ab[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated 
file upload issue is\u00a0found and\u00a0[an]\u00a0attacker is able\u00a0to upload a web shell and execute arbitrary code\u00a0on server,\u00bb according to an\u00a0advisory <a href=\"https:\/\/github.com\/vulhub\/vulhub\/tree\/master\/showdoc\/CNVD-2020-26585\">released<\/a> by\u00a0Vulhub.\u00a0<\/p>\n<p>The vulnerability was addressed in\u00a0ShowDoc <a href=\"https:\/\/github.com\/star7th\/showdoc\/releases\/tag\/v2.8.7\">version\u00a02.8.7<\/a>, which was shipped in October 2020. The\u00a0current version of the software\u00a0is <a href=\"https:\/\/github.com\/star7th\/showdoc\/releases\/tag\/v3.8.1\">3.8.1<\/a>.<\/p>\n<p>According\u00a0to <a href=\"https:\/\/www.linkedin.com\/posts\/ccondon_kev-share-7448763057851314176-KaIi\/\">new\u00a0details<\/a> shared by Caitlin Condon, vice president of security research at VulnCheck, CVE-2025-0520 has come under active exploitation for the first\u00a0time.<\/p>\n<p>The observed exploit involves leveraging the flaw to drop a web shell on a U.S.-based honeypot running a vulnerable version of ShowDoc. Data\u00a0shared by the company shows that there are more than 2,000 instances of ShowDoc online, most of which are located in\u00a0China.<\/p>\n<p>The development is the latest example of how threat actors are increasingly exploiting N-day security vulnerabilities, regardless of their install base. 
Users\u00a0who are running ShowDoc are advised to update to the latest version for optimal protection.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 14, 2026Vulnerability \/ Network Security A critical security vulnerability\u00a0impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the\u00a0wild. The vulnerability&hellip;<\/p>\n","protected":false},"author":1,"featured_media":586,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[201,1205,128,70,316,777,1204,721],"class_list":["post-585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-actively","tag-cve20250520","tag-exploited","tag-flaw","tag-rce","tag-servers","tag-showdoc","tag-unpatched"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=585"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/585\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/586"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&p
ost=585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}