A critical security vulnerability in ShowDoc, a document management service popular in China, is now being actively exploited in the wild, according to a recent report by The Hacker News.The vulnerability, identified as CVE-2025-0520 with a CVSS score of 9.4, allows for unrestricted file uploads due to improper file extension validation. Attackers can exploit this to upload web shells and achieve remote code execution on affected servers. This flaw was present in ShowDoc versions prior to 2.8.7, which was released in October 2020.While the software has since been updated to version 3.8.1, new details indicate that threat actors are leveraging this older vulnerability. Exploits have been observed targeting a U.S.-based honeypot running a vulnerable version. While most of the over 2,000 identified ShowDoc instances are in China, the active exploitation highlights a trend of targeting N-day vulnerabilities regardless of the install base.Source: The Hacker News
Vulnerability Management, Patch/Configuration Management
ShowDoc vulnerability actively exploited

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



