A critical remote code execution (RCE) flaw, identified as CVE-2025-0520, is being actively exploited in ShowDoc, a popular document management service in China. The vulnerability, which carries a high CVSS score of 9.4, allows unrestricted file uploads due to inadequate validation of user input. As a result, unpatched servers are at risk of compromise: attackers can execute arbitrary code and potentially gain control of the system. The vulnerability is also tracked as CNVD-2020-26585. Given its active exploitation, prompt patching is essential to prevent further compromises [1]. This is a patch-now situation for organizations relying on ShowDoc, especially those operating in China, where discussions around this vulnerability are ongoing.
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
⚠️ Critical Alert
Why This Matters
CVE-2025-0520 is under active discussion involving China; its exploitation status determines whether this is a patch-now or a monitor situation.
References
- The Hacker News. (2026, April 14). ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers. *The Hacker News*. https://thehackernews.com/2026/04/showdoc-rce-flaw-cve-2025-0520-actively.html
Original Source
The Hacker News