Attackers target unpatched ShowDoc servers via CVE-2025-0520

AndyC 15 April 2026

Attackers target unpatched ShowDoc servers via CVE-2025-0520

Attackers target unpatched ShowDoc servers via CVE-2025-0520

Attackers target unpatched ShowDoc servers via CVE-2025-0520

Attackers target unpatched ShowDoc servers via CVE-2025-0520

Pierluigi Paganini
April 14, 2026

A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk.

A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild.

ShowDoc is an online tool that helps IT teams share documents and improve collaboration and communication efficiency.

Versions before 2.8.7 had an unauthenticated file upload flaw allowing attackers to deploy web shells and run code on servers. The issue was fixed in version 2.8.7, released in October 2020.

“An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7.” reads the advisory.

Threat actors are targeting unpatched servers, potentially gaining full control.

VulnCheck researchers warn that over 2,000 instances remain exposed online, mostly in China. The cybersecurity firm provides customers with payloads, artifacts, and intelligence.

Organizations using the tool are strongly urged to update and secure exposed instances immediately.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2025-0520)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , ,

What do you feel about this?

More Stories

Nessus Essentials: Complete Guide for Security Professionals (2026)

Nessus Essentials: Complete Guide for Security Professionals (2026)

AndyC 15 April 2026
Best Cybersecurity Books 2026: A CISO’s Picks (With Free Downloads)

Best Cybersecurity Books 2026: A CISO’s Picks (With Free Downloads)

AndyC 15 April 2026
Personal data of 1 million gym members compromised in Basic-Fit security incident

Personal data of 1 million gym members compromised in Basic-Fit security incident

AndyC 15 April 2026
US, UK and Canada disrupt M crypto theft in Operation Atlantic

US, UK and Canada disrupt $45M crypto theft in Operation Atlantic

AndyC 15 April 2026
ShinyHunters claim the hack of Rockstar Games breach and started leaking data

ShinyHunters claim the hack of Rockstar Games breach and started leaking data

AndyC 15 April 2026
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

AndyC 15 April 2026

You may have missed

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026
Spotlight On: Stripe, a New Principal Participating Organization

Spotlight On: Stripe, a New Principal Participating Organization

AndyC 15 April 2026
Spotlight On: Stripe, a New Principal Participating Organization

Spotlight On: Stripe, a New Principal Participating Organization

AndyC 15 April 2026

Can Your Wearable Health Monitors Be Compromised?

AndyC 15 April 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.