Critical Remote Code Execution in ShowDoc (CVE‑2025‑0520) Enables Global Server Takeover
What It Is — ShowDoc, an open‑source documentation platform widely embedded in SaaS and on‑premises stacks, contains a remote‑code‑execution flaw (CVE‑2025‑0520). The vulnerability allows an unauthenticated attacker to upload a web‑shell, achieving full control of the underlying web server.
Exploitability — Public exploit code is available and in‑the‑wild reports show the flaw is being actively leveraged. CVSS v3.1 base score is 9.8 (Critical).
Affected Products — ShowDoc ≤ 3.5.2 (all deployment models: self‑hosted, Docker, Kubernetes).
TPRM Impact — Organizations that rely on ShowDoc for internal knowledge bases, API documentation, or embed it in customer‑facing portals face a supply‑chain risk: a compromised ShowDoc instance can become a foothold for lateral movement, data exfiltration, or ransomware deployment across the vendor’s network.
Recommended Actions —
- Verify that every ShowDoc instance is running version 3.5.3 or later (the 2020 patch).
- Conduct an inventory of all ShowDoc deployments across third‑party vendors and internal teams.
- Apply the official patch or migrate to a hardened alternative.
- Scan web servers for unexpected web‑shells and anomalous outbound traffic.
- Enforce network segmentation and least‑privilege access for documentation services.
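Two of the recommended actions above (confirm the running version is at or past the patched release, and sweep the upload area for files a documentation host should never serve as executable) can be scripted. The following is an added example written for this note; it is not ShowDoc's code and not taken from the HackRead report. It assumes only what the advisory states (3.5.3 is the first fixed release); the upload directory is passed in as a parameter because the platform's real upload path is not given here, and every file and version string in the demo is constructed.

```python
"""Added example (not ShowDoc's code or the advisory's): two defensive checks
from the recommended-actions list, version verification against the patched
release and a sweep of an upload tree for files that should never be there.
Paths, version strings and file contents below are constructed."""
import re
import tempfile
from pathlib import Path

PATCHED_VERSION = (3, 5, 3)          # first fixed release per the advisory
SCRIPT_EXTENSIONS = {".php", ".phtml", ".php3", ".php5", ".phar"}


def parse_version(text):
    """'3.5.2' -> (3, 5, 2); tolerates a leading 'v' and trailing tags."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version_text):
    """True when the reported version predates the patched release."""
    return parse_version(version_text) < PATCHED_VERSION


def find_unexpected_scripts(upload_root):
    """Walk an upload tree (path supplied by the caller; assumed, not the
    platform's real layout) and return files with a server-side script
    extension anywhere in the name, including one hidden behind a second
    extension such as 'photo.php.jpg'. Purely lexical; files are not opened."""
    findings = []
    root = Path(upload_root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        suffixes = {s.lower() for s in path.suffixes}
        if suffixes & SCRIPT_EXTENSIONS:
            findings.append(path.relative_to(root).as_posix())
    return sorted(findings)


def demo():
    """Build a constructed upload tree, run both checks and return the results."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("2025/01/diagram.png", "2025/01/notes.pdf",
                    "2025/02/cache.php", "2025/02/photo.php.jpg"):
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("placeholder content")   # constructed, not real uploads
        return {
            "vulnerable_3.5.2": is_vulnerable("3.5.2"),
            "vulnerable_3.5.3": is_vulnerable("v3.5.3"),
            "unexpected": find_unexpected_scripts(root),
        }


if __name__ == "__main__":
    print(demo())
```

Run it against a real instance by pointing `find_unexpected_scripts` at the directory the web server exposes for uploads and feeding `is_vulnerable` the version string from the instance's about page or package manifest. A hit from the sweep is a lead for the incident-response step, not proof of compromise by itself; pair it with the outbound-traffic review the list calls for.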
Source: HackRead – ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers