A important security vulnerability impacting ShowDoc, a doc administration and collaboration service standard in China, has come beneath lively exploitation within the wild.
The vulnerability in query is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS rating of 9.4 out of 10.0.
It pertains to a case of unrestricted file add that stems from improper validation of file extension, permitting an attacker to add arbitrary PHP recordsdata and obtain distant code execution.
“[In] ShowDoc model earlier than 2.8.7, an unrestricted and unauthenticated file add situation is discovered and [an] attacker is in a position to add an internet shell and execute arbitrary code on server,” in keeping with an advisory launched by Vulhub.
The vulnerability was addressed in ShowDoc model 2.8.7, which was shipped in October 2020. The present model of the software program is 3.8.1.
In accordance to new particulars shared by Caitlin Condon, vp of security analysis at VulnCheck, CVE-2025-0520 has come beneath lively exploitation for the primary time.
The noticed exploit includes leveraging the flaw to drop an internet shell on a U.S.-based honeypot operating a susceptible model of ShowDoc. Data shared by the corporate exhibits that there are greater than 2,000 cases of ShowDoc on-line, most of that are situated in China.
The event is the most recent instance of how menace actors are more and more exploiting N-day security vulnerabilities, no matter their set up base. Customers who’re operating ShowDoc are suggested to replace to the most recent model for optimum safety.
