CVE-2025-0520 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulnCheck	CNA	9.4 CRITICAL	NETWORK	LOW	LOW	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
showdoc	showdoc	𝑥 < 2.8.7	CNA

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Vulnerability Media Exposure

[ENGLISH] ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of
Published: 2026-04-14T11:20:00+05:30

References

https://github.com/star7th/showdoc/pull/1059

https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585

https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585

https://www.vulncheck.com/advisories/showdoc-unauthenticated-file-upload-rce