ShowDoc RCE Flaw CVE-2025-0520 Under Active Exploitation, CISA Flags Six Critical CVEs

A critical remote code execution vulnerability in ShowDoc, tracked as CVE-2025-0520, is now being actively exploited against unpatched servers. This flaw allows attackers to execute arbitrary code on affected systems, posing a severe and immediate threat to organizations using the popular open-source documentation tool. The exploitation is not theoretical; it is happening in the wild, turning vulnerable instances into compromised assets.

This active threat wave coincides with a significant update from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The list includes critical flaws in Fortinet FortiClient EMS, Microsoft Windows, and Adobe products, mandating federal agencies to patch them promptly. The parallel emergence of these threats underscores a coordinated or opportunistic surge in attacker activity targeting both widely-used enterprise software and popular consumer platforms.

Further amplifying the digital risk landscape, researchers identified a cluster of 108 malicious Chrome extensions sharing command-and-control infrastructure to steal data from Google and Telegram users. Simultaneously, the Mirax Android RAT is being distributed through Meta ad campaigns, converting infected devices into SOCKS5 proxies for attackers. These campaigns, combined with a newly patched critical ABAP vulnerability in SAP's enterprise product line, create a multi-vector assault on corporate and personal security, demanding urgent defensive action across IT and security teams.