Back

Critical ShowDoc RCE Vulnerability Exploited in the Wild

Severity: High (Score: 76.5)

Sources: Scworld, Securityaffairs.Co, Gbhackers, Cybersecuritynews

Summary

A critical vulnerability in ShowDoc, a document management service, is being actively exploited. Identified as CVE-2025-0520 with a CVSS score of 9.4, the flaw allows for unrestricted file uploads and remote code execution on vulnerable servers. Attackers are targeting versions prior to 2.8.7, which was released in October 2020. Although ShowDoc has been updated to version 3.8.1, many instances remain unpatched. Exploits have been observed on a U.S.-based honeypot running a vulnerable version, indicating that the threat is not limited to China, where most instances are located. The vulnerability poses a significant risk to organizations that rely on outdated versions for internal documentation and collaboration. Cybersecurity experts recommend immediate action to mitigate the risk. Key Points: • CVE-2025-0520 allows remote code execution on unpatched ShowDoc servers. • The vulnerability affects versions prior to 2.8.7, released in October 2020. • Active exploitation has been confirmed on a U.S.-based honeypot.

Key Entities

  • Malware (attack_type)
  • Remote Code Execution (attack_type)
  • Zero-day Exploit (attack_type)
  • China (country)
  • CVE-2025-0520 (cve)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • ShowDoc (platform)
  • Cnvd-2020-26585 (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed