### ShowDoc Vulnerability Exploited A critical security vulnerability impacting **ShowDoc**, a document management and collaboration service popular in China, has come under active exploitation in the wild. ### CVE-2025-0520 Details The vulnerability in question is **CVE-2025-0520** (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of file extension, allowing an attacker to upload arbitrary PHP files and achieve remote code execution. According to an advisory released by **Vulhub**: "[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server." ### Remediation The vulnerability was addressed in ShowDoc version 2.8.7, which was released in October 2020. The current version of the software is 3.8.1. Users are strongly advised to upgrade to the latest version immediately. ### Active Exploitation According to new details shared by **Caitlin Condon**, vice president of security research at **VulnCheck**, CVE-2025-0520 has come under active exploitation for the first time. The observed exploit involves leveraging the flaw to drop a web shell on a U.S.-based honeypot running a vulnerable version of ShowDoc. Data shared by the company shows that there are more than 2,000 instances of ShowDoc online, most of which are located in China. This incident highlights the increasing trend of threat actors exploiting N-day security vulnerabilities, regardless of the size of the install base. Users who are running ShowDoc are advised to update to the latest version for optimal protection.