CVE-2025-15145

2.4 LOW

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud up to version 3.2.0 that allows attackers to inject malicious scripts via the doTotalList function. The vulnerability can be exploited remotely without authentication, potentially affecting any user accessing the vulnerable web interface. The project maintainers have been notified but haven't responded or released a fix.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: Up to and including 3.2.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web controller component; requires the vulnerable endpoint to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect users to malicious sites, or deface the web interface.

🟠 Likely Case

Session hijacking, credential theft, or malicious script execution in users' browsers when they access the vulnerable endpoint.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, or if the vulnerable endpoint is not exposed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed in GitHub issues; remote exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch available. Monitor the GitHub repository for updates or consider applying community fixes.

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Implement proper input validation and output encoding in the doTotalList function to sanitize user inputs.

Web Application Firewall (WAF)

all

Deploy a WAF with XSS protection rules to filter malicious payloads before they reach the application.

🧯 If You Can't Patch

  • Restrict access to the vulnerable endpoint using network ACLs or authentication.
  • Implement Content Security Policy (CSP) headers to mitigate script injection impact.

🔍 How to Verify

Check if Vulnerable:

Check if CacheCloud version is ≤3.2.0 and if the doTotalList endpoint is accessible.

Check Version:

Check application configuration or deployment files for version information.

Verify Fix Applied:

Test the doTotalList endpoint with XSS payloads; if sanitized or blocked, the fix is likely applied.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /totalManage/doTotalList with script tags or JavaScript payloads

Network Indicators:

  • HTTP requests containing malicious script patterns targeting the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/totalManage/doTotalList" AND (content CONTAINS "<script>" OR content CONTAINS "javascript:")
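
The query above matches only literal `<script>` and `javascript:` strings, so URL-encoded or mixed-case requests pass unnoticed. The following is an added example, not code from this page or from CacheCloud, that normalises the request URI before matching. The access-log format, the parameter name `x` and the sample lines are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import urlsplit, unquote_plus

ENDPOINT = "/totalManage/doTotalList"  # path taken from the log indicator above

# Markers checked after decoding: script tags, javascript: URIs,
# and inline event-handler attributes inside a tag.
MARKERS = re.compile(r"<\s*script\b|javascript\s*:|<[^>]+\bon[a-z]+\s*=", re.I)

# Request field of a combined-format access log line: "METHOD URI PROTOCOL"
REQUEST = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def normalise(value, rounds=3):
    """Undo nested URL encoding and HTML entities (bounded number of rounds)."""
    for _ in range(rounds):
        decoded = unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(line):
    """True if the line is a request to ENDPOINT whose query holds a marker."""
    m = REQUEST.search(line)
    if not m:
        return False
    parts = urlsplit(m.group("uri"))
    if normalise(parts.path).rstrip("/") != ENDPOINT:
        return False
    # Access logs carry only the query string; POST bodies need app-level logging.
    return bool(MARKERS.search(normalise(parts.query)))

def scan(lines):
    """Return the indices of the log lines that should be reviewed."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]

# Constructed sample lines; "x" is a placeholder parameter name.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /totalManage/doTotalList?x=2026-01-01 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:05 +0000] "GET /totalManage/doTotalList?x=<script>alert(1)</script> HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2026:10:00:07 +0000] "GET /totalManage/doTotalList?x=%3CScRiPt%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2026:10:00:09 +0000] "GET /totalManage/doTotalList?x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 541',
    '10.0.0.7 - - [01/Jan/2026:10:00:11 +0000] "GET /other/page?x=%3Cscript%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print("review:", SAMPLE_LOG[i])
```

Only the second sample line would match the literal SIEM query; the two encoded requests are caught only after decoding.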
