
A critical security vulnerability affecting ShowDoc, a popular document management and collaboration service in China, is being exploited in the wild.
The vulnerability in question is CVE-2025-0520 (also known as CNVD-2020-26585), which has a CVSS score of 9.4 out of 10.0.
The flaw is an unrestricted file upload caused by improper validation of file extensions, which allows an attacker to upload arbitrary PHP files and achieve remote code execution.
"An issue with unrestricted and unauthenticated file uploads was found in ShowDoc versions prior to 2.8.7," according to an advisory released by Vulhub, which notes that an attacker can upload a web shell and execute arbitrary code on the server.
This vulnerability was resolved in ShowDoc version 2.8.7 shipped in October 2020. The current version of the software is 3.8.1.
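The server-side check that closes this class of bug, as an added illustration that is not ShowDoc's code and not the fix that shipped in 2.8.7 (the article does not describe the patch): a Python upload validator that applies an extension allowlist, judges only the last extension, verifies the file's magic bytes against the declared type and discards the client-supplied name. The allowlist, magic bytes and function names are assumptions chosen for this example.

```python
import os
import re
import secrets

# Allowlist of permitted extensions and the magic bytes each must start with.
# Constructed for this example; tune it to what the application really needs.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}

# Only plain characters in a filename; no separators, no control bytes.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")


class UploadRejected(ValueError):
    """Raised when an upload fails server-side validation."""


def validate_upload(filename: str, content: bytes) -> str:
    """Validate an upload and return a server-chosen storage name.

    The client's filename is consulted only for its extension, and only
    after it passes the allowlist; it is never used as the storage path.
    """
    base = os.path.basename(filename)
    if base != filename or not SAFE_NAME.fullmatch(base):
        raise UploadRejected("unsafe filename")
    # Use the LAST extension, lower-cased, so 'x.png.PHP' is judged as 'php'.
    root, dot, ext = base.rpartition(".")
    if not dot or not root:
        raise UploadRejected("missing extension")
    ext = ext.lower()
    if ext not in ALLOWED_TYPES:  # allowlist, never a blacklist of bad extensions
        raise UploadRejected(f"extension not permitted: {ext}")
    # The declared type must match the bytes that were actually uploaded.
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match declared type")
    # Random storage name: the uploader controls neither the path nor the name.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, content: bytes) -> bool:
    """True if the upload passes validation, False if it is rejected."""
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False
```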
According to new details shared by Caitlin Condon, VP of Security Research at VulnCheck, CVE-2025-0520 is being actively exploited for the first time.
The observed exploit involves leveraging this flaw to drop a web shell onto a US-based honeypot running a vulnerable version of ShowDoc. According to data shared by the company, there are more than 2,000 instances of ShowDoc online, most of them in China.
This development is the latest example of threat actors exploiting N-day security vulnerabilities regardless of the size of the affected software's installed base. We recommend that users running ShowDoc update to the latest version for optimal protection.
