Platform: php
Component: showdoc/showdoc
Fixed in: 2.8.7
CVE-2025-0520 describes an Unrestricted File Upload vulnerability affecting Showdoc versions up to 2.8.6. This flaw allows attackers to upload malicious PHP files, potentially leading to remote code execution and complete system compromise. A patch is available in version 2.8.7, and immediate action is recommended to mitigate the risk.
The primary impact of CVE-2025-0520 is remote code execution (RCE). An attacker who uploads a PHP web shell gains command execution as the web server user on the host running Showdoc. From there the attacker can exfiltrate or alter documentation, harvest the credentials and API tokens stored in Showdoc's database and configuration, install further malware, or take over the host. The blast radius extends beyond Showdoc itself: because documentation platforms typically hold internal URLs, architecture notes and credentials, and are often reachable from internal networks, a compromised instance is a convenient pivot point for lateral movement and persistent access.
CVE-2025-0520 was published on 2025-04-29. Its severity is rated CRITICAL (CVSS 9.5). Unrestricted file uploads are among the easiest vulnerability classes to weaponise, so public proof-of-concept code should be expected. Monitor security advisories and threat intelligence feeds for indications of active exploitation campaigns against Showdoc installations. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog at this time; its EPSS score is given below.
Exploit Status
EPSS: 2.03% (84th percentile)
CISA SSVC
The primary mitigation for CVE-2025-0520 is to upgrade Showdoc to version 2.8.7 or later. If an immediate upgrade is not possible, apply temporary workarounds: restrict uploads to an explicit allowlist of file types and extensions, and enforce that allowlist on the server side (client-side checks are trivially bypassed). Check every dotted component of the filename, not just the last one, so that names such as `shell.php.jpg` or `shell.phtml` are rejected. Independently of the application check, configure the web server so that PHP is never executed from the upload directory; an extension filter alone should not be the only control standing between an attacker and code execution. A Web Application Firewall (WAF) can add a further layer by filtering upload requests. Scan the Showdoc installation and upload directories regularly for files that should not be there, in particular anything with a PHP-executable extension or containing a PHP open tag, and for dropped `.htaccess` or `.user.ini` files that could re-enable execution. After upgrading, verify the fix by attempting to upload a `.php` file and a disguised variant such as `x.php.jpg`; both uploads should be rejected, and if a file does reach disk, requesting it over HTTP must not execute it.
Update ShowDoc to version 2.8.7 or later. This version contains a fix for the unrestricted file upload vulnerability. Updating prevents remote execution of malicious code through this flaw.
CVE-2025-0520 is a critical vulnerability in Showdoc versions up to 2.8.6 that allows attackers to upload arbitrary PHP files, leading to remote code execution. This impacts internal documentation platforms and knowledge bases.
You are affected if you are running Showdoc version 2.8.6 or earlier. Immediately assess your environment and apply the necessary mitigation steps.
Upgrade Showdoc to version 2.8.7 or later. If immediate upgrade isn't possible, implement temporary workarounds like restricting file types and using a WAF.
While there's no confirmed active exploitation at this time, the ease of exploitation suggests it's likely to become a target. Monitor security advisories and threat intelligence.
Refer to the Showdoc official website and security advisories for the latest information and updates regarding CVE-2025-0520: [https://www.showdoc.net/](https://www.showdoc.net/)