CVE-2025-15146

2.4 LOW

📋 TL;DR

This vulnerability allows remote attackers to inject malicious scripts into the SohuTV CacheCloud user management interface via the doUserList function. Users who view the compromised user list page could have their sessions hijacked or be redirected to malicious sites. It affects all deployments of SohuTV CacheCloud up to version 3.2.0.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: up to 3.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable UserManageController.java file are affected. The vulnerability is in the web management interface component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, perform session hijacking, redirect users to phishing sites, or execute arbitrary actions in the context of authenticated users.

🟠 Likely Case

Session hijacking leading to unauthorized access to the CacheCloud management interface, potentially allowing configuration changes or data exposure.

🟢 If Mitigated

Limited to session token theft or minor UI manipulation if proper Content Security Policy and input validation are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available in GitHub issue #366. Attack requires user interaction (viewing the compromised page).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch available. Monitor GitHub repository for updates. Consider implementing workarounds or migrating to alternative solutions.

🔧 Temporary Workarounds

Implement Content Security Policy (platform: all)

Add CSP headers to prevent script execution from untrusted sources.

Add to web server configuration:

Content-Security-Policy: default-src 'self'; script-src 'self'

Input Validation Filter (platform: all)

Add input sanitization to the doUserList function to strip HTML/JavaScript.

Modify src/main/java/com/sohu/cache/web/controller/UserManageController.java to sanitize user input with HTML escaping.

🧯 If You Can't Patch

  • Restrict access to the CacheCloud management interface to trusted networks only
  • Implement a Web Application Firewall (WAF) with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the CacheCloud version is 3.2.0 or earlier. Review UserManageController.java for missing input sanitization in the doUserList function.

Check Version:

Check application.properties or pom.xml for version information, or run: java -jar cachecloud-web.jar --version

Verify Fix Applied:

Verify that user input in the user management interface is properly HTML-encoded and cannot execute JavaScript.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long parameter values in /user/manage/list requests
  • JavaScript patterns in user management queries

Network Indicators:

  • HTTP requests to /user/manage/list with script tags or JavaScript in parameters

SIEM Query:

web.url.path:"/user/manage/list" AND (web.url.query:*<script* OR web.url.query:*javascript:* OR web.url.query.length>500)
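
Access logs usually store the query string percent-encoded, so the patterns above are best applied after decoding. The following is an added example, not code from this page or from the CacheCloud project: it applies the same three indicators to constructed log lines, and the "searchKey" parameter name and the log format are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

TARGET_PATH = "/user/manage/list"   # path named in the page's indicators
MAX_QUERY_LEN = 500                 # length threshold from the page's SIEM query
SCRIPT_RE = re.compile(r"<\s*script|javascript:", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def _line(target):
    return f'10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

# Constructed common-log-format lines; the "searchKey" parameter is an assumption.
SAMPLE_LOG = [_line(t) for t in (
    "/user/manage/list?searchKey=alice",                                # 0 clean
    "/user/manage/list?searchKey=<script>alert(1)</script>",            # 1 raw
    "/user/manage/list?searchKey=%3Cscript%3Ealert(1)%3C%2Fscript%3E",  # 2 encoded
    "/user/manage/list?searchKey=%253Cscript%253Ealert(1)",             # 3 double-encoded
    "/user/manage/list?searchKey=JaVaScRiPt%3Aalert(1)",                # 4 mixed case
    "/user/manage/list?searchKey=" + "A" * 600,                         # 5 long query
    "/app/list?searchKey=%3Cscript%3E",                                 # 6 other path
)]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(max_rounds):
        value, prev = unquote_plus(value), value
        if value == prev:
            break
    return value

def classify(line):
    """Return the reasons a log line is suspicious (empty list if none)."""
    m = REQUEST_RE.search(line)
    url = urlsplit(m.group(1)) if m else None
    if url is None or url.path.rstrip("/") != TARGET_PATH:
        return []
    reasons = []
    if SCRIPT_RE.search(decode_fully(url.query)):
        reasons.append("script-pattern")
    if len(url.query) > MAX_QUERY_LEN:   # length of the query as logged
        reasons.append("long-query")
    return reasons

def scan(lines):
    return [(i, r) for i, line in enumerate(lines) if (r := classify(line))]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOG):
        print(idx, reasons)
```
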
