ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical remote code execution vulnerability (CVE-2025-0520) in ShowDoc, a document management platform popular in China, is being actively exploited in the wild. The flaw carries a CVSS score of 9.4 out of 10.0 and stems from an unrestricted file upload issue caused by improper validation. Attackers can exploit this vulnerability to execute arbitrary code on vulnerable servers, potentially gaining full system access. Organizations using ShowDoc should apply patches immediately and restrict network exposure to management interfaces. Until patches are available, implementing strict file upload validation and monitoring for suspicious activity is recommended.

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of

A critical remote code execution vulnerability (CVE-2025-0520) in ShowDoc, a document management platform popular in China, is being actively exploited in the wild. The flaw carries a CVSS score of 9.4 out of 10.0 and stems from an unrestricted file upload issue caused by improper validation. Attackers can exploit this vulnerability to execute arbitrary code on vulnerable servers, potentially gaining full system access. Organizations using ShowDoc should apply patches immediately and restrict network exposure to management interfaces. Until patches are available, implementing strict file upload validation and monitoring for suspicious activity is recommended. A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of