A critical unrestricted file upload vulnerability in ShowDoc (CVE-2025-0520 / CNVD-2020-26585) is being actively exploited to drop web shells and achieve remote code execution. Users should update ShowDoc to the latest release immediately to mitigate observed attacks and the widespread exposure of vulnerable instances. #ShowDoc #CVE-2025-0520
Key points
- CVE-2025-0520 (CNVD-2020-26585) is a critical ShowDoc vulnerability with a CVSS score of 9.4.
- Improper validation of file extensions allows attackers to upload arbitrary PHP files and execute remote code.
- The issue affects ShowDoc versions before 2.8.7 and was fixed in version 2.8.7, released in October 2020; the current version is 3.8.1.
- VulnCheck and Vulhub reported active exploitation, including web shells found on a U.S.-based honeypot.
- There are over 2,000 ShowDoc instances online (mostly in China); administrators are urged to update to the latest version immediately.
Read More: https://thehackernews.com/2026/04/showdoc-rce-flaw-cve-2025-0520-actively.html