VulnerabilityThe Hacker News
9.4 — CRITICAL
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A critical security vulnerability in ShowDoc, CVE-2025-0520 (CVSS score: 9.4), has been actively exploited on unpatched servers, posing a significant risk to users of the document management and collaboration service.
⚙️Technical Details
💥Impact Assessment
Severity: C
🛡️Recommended Actions
1Patch the vulnerability in ShowDoc before it can be exploited
2Regularly review and update file extensions to prevent unauthorized uploads
3Implement additional security controls, such as intrusion detection systems, to detect and block suspicious activity
📦Affected Products
ShowDoc: before version 2.8.7
🔐NVD Verified DataVERIFIED
Weaknesses
CWE-434
Read the full article
This is a curated summary. The complete article is available at The Hacker News.