
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers


CVE-2025-0520 (CNVD-2020-26585), a CVSS 9.4 unrestricted file upload vulnerability in ShowDoc, a document management and collaboration service widely used in China, is now under confirmed active exploitation in the wild.

The flaw stems from improper validation of uploaded file types, allowing unauthenticated attackers to upload arbitrary files and achieve remote code execution on the server. ShowDoc is commonly deployed on-premises by development teams and enterprises for internal documentation and API management.

Organizations running ShowDoc should apply the vendor’s patch immediately and audit server logs for evidence of exploitation. Exposed instances should be treated as potentially compromised until investigated.
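One way to run the log audit recommended above, as an added example that is not from the original post or from ShowDoc: it flags requests for server-executable files under the upload directory and records whether the same client had earlier posted to the upload handler. The handler and directory paths are placeholders to replace with your deployment's values, and the PHP extension list and combined access-log format are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Placeholders: substitute the upload handler and storage directory of your deployment.
UPLOAD_HANDLER = "/PLACEHOLDER_UPLOAD_HANDLER"
UPLOAD_DIR = "/PLACEHOLDER_UPLOAD_DIR/"
# Assumption: a PHP-enabled server. Also catches double extensions (x.php.jpg).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|/|$)", re.I)
# Assumption: Apache/nginx combined log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def audit(lines):
    """Return one finding per request for an executable-looking file in UPLOAD_DIR."""
    uploaders = set()  # client IPs that got a 2xx from the upload handler
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        target = unquote(m["target"])
        path = unquote(urlsplit(m["target"]).path)
        ok = m["status"].startswith("2")
        if m["method"] == "POST" and UPLOAD_HANDLER in target and ok:
            uploaders.add(m["ip"])
        elif path.startswith(UPLOAD_DIR) and EXEC_EXT.search(path):
            findings.append({
                "ip": m["ip"], "time": m["ts"], "path": path,
                "served": ok,                           # 2xx: the file exists and was served
                "uploaded_first": m["ip"] in uploaders,  # same client uploaded earlier
            })
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.20 - - [10/Jan/2025:09:59:40 +0000] "GET /PLACEHOLDER_UPLOAD_DIR/2025-01-10/diagram.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "POST /PLACEHOLDER_UPLOAD_HANDLER HTTP/1.1" 200 87 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /PLACEHOLDER_UPLOAD_DIR/2025-01-10/a1b2c3.php HTTP/1.1" 200 12 "-" "curl/8.0"',
    '192.0.2.44 - - [10/Jan/2025:11:15:27 +0000] "GET /PLACEHOLDER_UPLOAD_DIR/2025-01-10/a1b2c3.php HTTP/1.1" 404 153 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

A finding with `served` true means an executable file is present in the upload directory and the host needs investigation; `uploaded_first` false does not clear a request, since the upload may predate the retained logs.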