Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.