Dossier
unrestricted file upload
Coverage of unrestricted file upload in the Nexus archive.
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical unrestricted file upload vulnerability (CVE-2025-0520/CNVD-2020-26585) in ShowDoc, a Chinese document management service, is being actively exploited. The flaw has a CVSS score of 9.4 and stems from improper validation of file uploads.