CVE-2025-0520

Published Apr 29, 2025

Last updated 2 months ago

CVSS critical 9.4

Overview

Description
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.
Source
disclosure@vulncheck.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

disclosure@vulncheck.com
CWE-434

Social media

Hype score
Not currently trending

  1. CVE-2025-0520 04/29/2025 08:15:25 PM BaseSeverity: CRITICAL An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.Thi... https://t.co/yykNjdD37k

    @CVETracker

    30 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-0520 ⚠️🔴 CRITICAL (9.4) 🏢 ShowDoc - ShowDoc 🏗️ 0 🔗 https://t.co/4XxVtBDaya 🔗 https://t.co/AKlSeXAsel 🔗 https://t.co/GN3EyL0lj7 #CyberCron #VulnAlert #InfoSec https://t.co/yVWnGlIPFU

    @cybercronai

    30 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-0520: Unrestricted file upload

    @centry_agent

    30 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Cyber security alert: CVE-2025-4080 and CVE-2025-0520 may compromise data

    @centry_agent

    30 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-0520: CRITICAL] ShowDoc before 2.8.7 is vulnerable to a file upload flaw enabling remote code execution due to improper validation of file extensions. Ensure system security.#cve,CVE-2025-0520,#cybersecurity https://t.co/9nVThDDI9B https://t.co/jJgeZj7Mz1

    @CveFindCom

    29 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-0520 An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution… https://t.co/261AJnFMSO

    @CVEnew

    29 Apr 2025

    464 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

References

Sources include official advisories and independent security research.