Critical RCE Vulnerability in ShowDoc Actively Exploited

A critical remote code execution (RCE) vulnerability in ShowDoc, a document management and collaboration service widely used in China, is being actively exploited in the wild. The flaw, tracked as CVE-2025-0520 (also known as CNVD-2020-26585), has a CVSS score of 9.4 out of 10.0, indicating severe risk. It stems from an unrestricted file upload issue caused by improper input validation. No specific exploitation timeline or affected versions were disclosed, but unpatched servers remain vulnerable to attacks. The vulnerability enables attackers to execute arbitrary code on compromised systems.