Summary
ShowDoc is facing active exploitation of a critical unauthenticated remote code execution vulnerability (CVE-2025-0520) caused by improper file upload validation. Attackers are using this flaw to deploy web shells and gain full control over unpatched servers.
Take Action:
If you're running ShowDoc, update it to version 2.8.7 or higher immediately. This flaw has been patched since 2020, but attackers are actively exploiting unpatched instances. After updating, check your image upload folders for any suspicious PHP files that shouldn't be there, and make sure ShowDoc is not exposed to the internet.
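One way to run the upload-folder check described above, as an added example that is not from the original advisory or from ShowDoc. It goes beyond a plain extension match by also flagging image-named files that contain PHP open tags. The extension list, the content markers and the folder path you pass on the command line are assumptions to adapt to your server; the sample files are constructed.

```python
import os
import sys
import tempfile

# Assumption: extensions commonly mapped to the PHP handler; match this to your server config.
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".pht", ".php3", ".php4", ".php5", ".php7"}
PHP_MARKERS = (b"<?php", b"<?=")


def scan_upload_dir(root, read_limit=1024 * 1024):
    """Return sorted (relative_path, reason) pairs for files that do not belong among images."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            # Check every dotted component so "avatar.php.jpg" and "X.PHP" are both caught.
            if {"." + p.lower() for p in name.split(".")[1:]} & PHP_EXTENSIONS:
                findings.append((rel, "php-extension"))
                continue
            try:
                with open(os.path.join(root, rel), "rb") as fh:
                    head = fh.read(read_limit).lower()
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if any(marker in head for marker in PHP_MARKERS):
                findings.append((rel, "php-code-in-content"))
    return sorted(findings)


def build_constructed_sample(root):
    """Write a constructed sample tree (one clean image, three files to flag); return root."""
    os.makedirs(os.path.join(root, "2025-01-01"))
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "2025-01-01/a1b2c3.php": b"<?php /* placeholder */ ?>",
        "2025-01-01/avatar.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "banner.gif": b"GIF89a" + b"<?php /* placeholder */ ?>",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_constructed_sample(tempfile.mkdtemp())
    for rel, reason in scan_upload_dir(target):
        print(f"{reason}\t{rel}")
```

Run it with the upload folder as the only argument; with no argument it scans the constructed sample. Treat every hit as a lead to review by hand, since a content match alone can be a false positive.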
This article was originally published on BeyondMachines