CVE-2025-15171

3.5 LOW

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the SohuTV CacheCloud web interface through the ServerController's index function. Affected users are those running CacheCloud up to version 3.2.0 with an internet-facing web interface. Successful exploitation enables cross-site scripting attacks against users of the vulnerable interface.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: up to 3.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems whose web interface is reachable. The vulnerability is in the ServerController's index function, which handles web requests.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deliver malware through the compromised web interface.

🟠

Likely Case

Attackers inject malicious JavaScript to steal session tokens or credentials from authenticated users, potentially gaining unauthorized access to the CacheCloud management interface.

🟢

If Mitigated

With proper input validation and output encoding, the vulnerability would be prevented, and impact limited to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub issues. Remote exploitation is possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available. Monitor the GitHub repository for updates. Consider applying input validation and output encoding fixes manually if source code access is available.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with XSS protection rules to block malicious payloads before they reach the application.

Network Segmentation

linux

Restrict access to the CacheCloud web interface to trusted networks only using firewall rules. iptables evaluates rules in order, so the ACCEPT for the trusted network must be inserted before the catch-all DROP, as below.

iptables -A INPUT -p tcp --dport [cachecloud-port] -s [trusted-network] -j ACCEPT
iptables -A INPUT -p tcp --dport [cachecloud-port] -j DROP

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution sources
  • Deploy a reverse proxy with request filtering to sanitize inputs before they reach CacheCloud

🔍 How to Verify

Check if Vulnerable:

Check the CacheCloud version. If it is 3.2.0 or earlier, the system is vulnerable. Test by attempting to inject basic XSS payloads into ServerController endpoints.

Check Version:

Check application.properties or build files for version information, or examine the web interface footer/headers.

Verify Fix Applied:

Verify that the version is above 3.2.0, or test that XSS payloads are properly sanitized/escaped in the output of the ServerController index function.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript or HTML patterns in request parameters
  • Multiple requests with script tags or event handlers
  • Requests to ServerController endpoints with encoded payloads

Network Indicators:

  • HTTP requests containing <script>, javascript:, or on* event handlers in parameters
  • Unusual content-type or encoding in requests to CacheCloud web interface

SIEM Query:

source="cachecloud" AND (url="*ServerController*" AND (param="*<script>*" OR param="*javascript:*" OR param="*onclick*" OR param="*onload*"))
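A defender-side check for the log and network indicators above, added here as an example that is not part of this advisory or of CacheCloud itself: it parses combined-format access-log lines, percent-decodes query parameters (including double-encoded ones, which the plain SIEM query above would miss) and reports requests to the ServerController index route that carry the listed patterns. The route path /admin/server/index and the sample log lines are constructed assumptions; the page gives no real path.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit
# Constructed sample lines in combined log format. "/admin/server/index" is an
# assumed placeholder for the ServerController index route (page gives no path).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2025:10:00:01 +0000] "GET /admin/server/index?page=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:00:02 +0000] "GET /admin/server/index?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [10/Jan/2025:10:00:03 +0000] "GET /admin/server/index?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [10/Jan/2025:10:00:04 +0000] "GET /admin/server/index?q=javascript%3Aalert(1) HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2025:10:00:05 +0000] "GET /admin/server/index?name=onlinecache HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method and request target of a combined-format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# The page's network indicators. The handler pattern needs a trailing "=", so a
# benign value such as "onlinecache" does not fire. Case-insensitive like HTML.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
}

def decode_param(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are caught."""
    for _ in range(rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def scan_access_log(log_text, path_marker="/server/index"):
    """One finding per query parameter hitting an indicator on the index route
    (path_marker is an assumed substring). parse_qsl decodes one layer of
    percent-encoding; decode_param strips any further layers."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if path_marker not in url.path:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            text = decode_param(name) + "=" + decode_param(value)
            for label, pattern in XSS_PATTERNS.items():
                if pattern.search(text):
                    findings.append({"ip": m.group("ip"), "ts": m.group("ts"), "param": name, "indicator": label})
                    break
    return findings
```

Run over real access logs, tune path_marker to the deployed route and feed the findings to the SIEM alongside the query above.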
