CVE-2025-15173

3.5 LOW

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the SohuTV CacheCloud web interface via the advancedAnalysis function. Affected users are those running CacheCloud up to version 3.2.0 with the vulnerable InstanceController component exposed. The XSS attack can be executed remotely without authentication.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: up to 3.2.0
Operating Systems: Any OS running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the web interface to be accessible and the advancedAnalysis endpoint to be exposed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, deface the interface, or redirect users to malicious sites.

🟠 Likely Case

Session hijacking leading to unauthorized access to cache management functions, potentially allowing data manipulation or service disruption.

🟢 If Mitigated

With proper input validation and output encoding, the attack would be prevented, limiting impact to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub issue #369, making this easily weaponizable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch exists. Monitor the GitHub repository for updates. If a patch is released, update to the fixed version and restart the CacheCloud service.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to sanitize user input to the advancedAnalysis function

Modify src/main/java/com/sohu/cache/web/controller/InstanceController.java to add input sanitization

Web Application Firewall

all

Deploy WAF with XSS protection rules to filter malicious requests

🧯 If You Can't Patch

  • Restrict network access to CacheCloud web interface using firewall rules
  • Implement Content Security Policy headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Check the CacheCloud version. If the version is 3.2.0 or earlier and InstanceController is accessible, the system is vulnerable.

Check Version:

Check pom.xml or application properties for version information

Verify Fix Applied:

Test advancedAnalysis endpoint with XSS payloads after implementing workarounds to ensure they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /instance/advancedAnalysis endpoint with script tags or JavaScript code

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript payloads to CacheCloud web interface

SIEM Query:

web.url:*advancedAnalysis* AND (web.query:*<script>* OR web.query:*javascript:* OR web.query:*onerror=*)
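
The SIEM query above matches literal strings, so a percent-encoded payload can go unmatched when the log source stores the raw request line. The following is an added example (not from the original page or the CacheCloud project) that decodes the query string, including double encoding, before applying the same three indicators; it assumes combined-format access logs, and the sample lines and parameter names are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request line inside a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')
# The same three indicators as the SIEM query, applied after decoding.
INDICATORS = re.compile(r'<\s*script|javascript\s*:|onerror\s*=', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is normalized."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(log_line):
    """True for an advancedAnalysis request whose decoded query matches an indicator."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group(1))
    if "advancedanalysis" not in url.path.lower():
        return False
    return bool(INDICATORS.search(decode_fully(url.query)))


def scan(lines):
    """Return the log lines that should raise an alert, in input order."""
    return [ln for ln in lines if is_suspicious(ln)]


# Constructed sample lines; the parameter names (instanceId, q) are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /instance/advancedAnalysis?instanceId=12 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:05 +0000] "GET /instance/advancedAnalysis?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2026:10:00:07 +0000] "GET /instance/advancedAnalysis?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 541',
    '10.0.0.7 - - [01/Jan/2026:10:00:09 +0000] "GET /instance/list?q=%3Cscript%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT", hit)
```

Only the second and third sample lines alert: the first is a benign request and the fourth targets a different path.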
