ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

2026-04-14

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

ShowDoc, a document management service, has a critical file upload vulnerability (CVE-2025-0520, CVSS 9.4) being actively exploited to achieve remote code execution.

•The vulnerability exists in ShowDoc versions before 2.8.7 and stems from improper validation of file extensions, allowing unauthenticated file upload
•Attackers can upload arbitrary PHP files and execute remote code on unpatched servers
•The flaw was patched in October 2020 with version 2.8.7, but the current version is 3.8.1
•Active exploitation has been documented through attacks on U.S. honeypots that drop web shells on vulnerable systems
•Over 2,000 ShowDoc instances are online, primarily located in China, making them potential targets

This summary was automatically generated by AI based on the original article and may not be fully accurate.

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Privacy-first connections: Empowering social experiences at Airbnb

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud