Key Findings Five-year-old ShowDoc vulnerability (CVE-2025-0520) is being actively exploited in global server attacks CVSS score of 9.4 indicates critical severity allowing remote code execution and full server takeover Unrestricted file upload flaw enables attackers to bypass authentication and deploy web shells without credentials Over 2,000 ShowDoc instances remain exposed online, primarily in China, many running unpatched versions US-based security canary confirmed active
