CVE-2025-15172
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into SohuTV CacheCloud's Redis configuration template preview function, enabling cross-site scripting attacks. It affects CacheCloud versions up to 3.2.0 and can be exploited remotely without authentication.
💻 Affected Systems
- SohuTV CacheCloud
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, perform actions as authenticated users, or redirect users to malicious sites, potentially compromising the entire CacheCloud management interface.
Likely Case
Session hijacking of CacheCloud administrators, allowing unauthorized access to Redis management functions and potentially sensitive configuration data.
If Mitigated
Limited to script execution in the victim's browser context, with proper input validation and output encoding in place.
🎯 Exploit Status
Exploit details are publicly available in GitHub issues. Remote exploitation is straightforward with basic web application testing tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Monitor GitHub repository for updates: https://github.com/sohutv/cachecloud
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize all user inputs to the RedisConfigTemplateController preview function
Implement proper input sanitization in src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java
Output Encoding
Apply proper output encoding for all dynamic content rendered in the preview function
Use appropriate encoding libraries (e.g., OWASP Java Encoder) for all user-controlled output
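The two workarounds above, shown side by side in an added example that is not CacheCloud's code: a Python stand-in for the preview rendering, with a render_preview_unsafe function that reproduces the defect class (user-controlled values concatenated into the HTML preview), a validate_template allow-list for directive names and values, and a render_preview_safe function that validates and then HTML-encodes every user-controlled fragment. The function names, regexes and sample input are constructed for this illustration; html.escape plays the role that OWASP Java Encoder's Encode.forHtml would play in the Java controller.

```python
import html
import re

# Allow-list for Redis configuration directive names (constructed for this
# example): a lowercase word with optional digits and hyphens, e.g.
# "maxmemory-policy". Anything else is rejected before rendering.
DIRECTIVE_RE = re.compile(r"[a-z][a-z0-9-]{0,63}")
# Values: printable ASCII only, bounded length. HTML metacharacters are
# deliberately still allowed here so that output encoding, not validation,
# is what neutralizes them (defense in depth rather than a single filter).
VALUE_RE = re.compile(r"[\x20-\x7e]{0,256}")


def validate_template(params):
    """Workaround 1: server-side validation of directive names and values.

    Returns a list of rejection reasons; an empty list means the input is
    clean. fullmatch is used so a trailing newline cannot slip past '$'.
    """
    problems = []
    for key, value in params.items():
        if not DIRECTIVE_RE.fullmatch(key):
            problems.append(f"directive name rejected: {key!r}")
        if not VALUE_RE.fullmatch(value):
            problems.append(f"value rejected for directive {key!r}")
    return problems


def render_preview_unsafe(params):
    """The defect class the advisory describes: user input is concatenated
    straight into the preview markup, so a value containing HTML is
    rendered by the administrator's browser instead of displayed."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in params.items())
    return f"<table>{rows}</table>"


def render_preview_safe(params):
    """Workaround 2 on top of workaround 1: reject malformed input, then
    HTML-encode each user-controlled fragment for the HTML body context
    (the Java analogue is OWASP Java Encoder's Encode.forHtml)."""
    problems = validate_template(params)
    if problems:
        raise ValueError("; ".join(problems))
    rows = "".join(
        f"<tr><td>{html.escape(k, quote=True)}</td>"
        f"<td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in params.items()
    )
    return f"<table>{rows}</table>"


if __name__ == "__main__":
    # Constructed sample: a harmless marker payload in a directive value.
    sample = {"maxmemory": "<script>alert(1)</script>"}
    print("unsafe:", render_preview_unsafe(sample))
    print("safe:  ", render_preview_safe(sample))
```

Encoding is applied at the point of output and chosen for the context the value lands in (HTML body here); a value that is later placed inside an attribute or a script block needs the encoder for that context instead.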
🧯 If You Can't Patch
- Restrict access to CacheCloud management interface to trusted networks only using firewall rules
- Implement Web Application Firewall (WAF) with XSS protection rules to block malicious payloads
🔍 How to Verify
Check if Vulnerable:
Check CacheCloud version. If version <= 3.2.0, test the Redis configuration template preview function with XSS payloads
Check Version:
Check application.properties or build files for version information
Verify Fix Applied:
Test with XSS payloads after implementing input validation and output encoding. Verify no script execution occurs
📡 Detection & Monitoring
Log Indicators:
- Unusual requests to /controller/RedisConfigTemplateController with script tags or JavaScript payloads
- Multiple failed XSS attempts
Network Indicators:
- HTTP requests containing <script>, javascript:, or other XSS payload patterns
SIEM Query:
source="cachecloud" AND (uri="*RedisConfigTemplateController*" AND (content="*<script>*" OR content="*javascript:*"))
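The log and network indicators above, turned into runnable detection logic in an added example that is not part of the advisory or of CacheCloud: the detect function parses web-server access-log lines in combined log format, keeps only requests to the RedisConfigTemplateController path, URL-decodes the request URI (repeatedly, so double-encoded payloads are seen) and matches the two patterns the advisory names, then reports client addresses with repeated hits as the "multiple attempts" indicator. The log lines are constructed for this example and are not real CacheCloud output; the SIEM query above matches the literal string <script> only, which is why decoding before matching is the step worth adding.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format) standing in for the
# "source=cachecloud" events the advisory's SIEM query targets.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /controller/RedisConfigTemplateController/preview?value=maxmemory%202gb HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /controller/RedisConfigTemplateController/preview?value=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /controller/RedisConfigTemplateController/preview?value=javascript%3Aalert(1) HTTP/1.1" 200 630
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /controller/RedisConfigTemplateController/preview?value=%253Cscript%253E HTTP/1.1" 200 630
10.0.0.7 - - [01/Jan/2025:10:00:05 +0000] "GET /static/app.js?v=%3Cscript%3E HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Deliberately narrow: exactly the two patterns the advisory lists, with
# optional whitespace so "< script" and "javascript :" are not missed.
PAYLOAD_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)
CONTROLLER_PATH = "RedisConfigTemplateController"


def parse_line(line):
    """Return a dict with ip, ts, method, uri, status, or None if the line
    is not in combined log format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def decode_uri(uri, rounds=3):
    """URL-decode up to `rounds` times, stopping once the string no longer
    changes, so %253Cscript%253E (double-encoded) is reduced to <script>."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def detect(log_text, threshold=2):
    """Return (alerts, repeat_sources).

    alerts: one dict per request to the controller whose decoded URI matches
    a payload pattern. repeat_sources: client IPs with at least `threshold`
    alerts, the advisory's "multiple failed XSS attempts" indicator.
    """
    alerts = []
    per_ip = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or CONTROLLER_PATH not in rec["uri"]:
            continue  # out of scope, like the /static hit in the sample
        decoded = decode_uri(rec["uri"])
        m = PAYLOAD_RE.search(decoded)
        if m:
            alerts.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "pattern": m.group(0).lower(),
                "uri": decoded,
            })
            per_ip[rec["ip"]] += 1
    repeat_sources = {ip for ip, n in per_ip.items() if n >= threshold}
    return alerts, repeat_sources


if __name__ == "__main__":
    found, repeaters = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a['ts']} {a['ip']} matched {a['pattern']!r} in {a['uri']}")
    print("repeat sources:", sorted(repeaters))
```

Scoping the match to the controller path keeps the same intent as the SIEM query (a marker string in an unrelated static-asset request is not an alert), while decoding first closes the gap that a literal substring search leaves open.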