CVE-2025-15175

3.5 LOW

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud that allows attackers to inject malicious scripts into web pages. The vulnerability affects users accessing the CacheCloud web interface and can be exploited remotely. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: up to 3.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects web interface users; Redis cache backend itself is not directly vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers steal administrator session cookies, gain full control of the CacheCloud instance, and compromise the entire Redis cache infrastructure.

🟠 Likely Case: Attackers steal user session cookies, perform unauthorized actions, or redirect users to malicious sites.

🟢 If Mitigated: With proper input validation and output encoding, the XSS payloads are neutralized before reaching users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub issues; remote exploitation requires user interaction with malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Consider implementing input validation and output encoding in AppController.java, or upgrade if the vendor releases a fix.

🔧 Temporary Workarounds

Implement Content Security Policy (applies to: all)

Add CSP headers to restrict script execution sources. Add the header `Content-Security-Policy: default-src 'self'; script-src 'self'` to the web server's responses. Note that `script-src 'self'` also blocks inline scripts and inline event handlers, so test the web interface after enabling it.

Web Application Firewall Rules (applies to: all)

Configure the WAF to block XSS payloads in requests: filter `<script>`, `javascript:`, and other XSS patterns in URL parameters, after URL decoding. WAF pattern filters are a stopgap and do not replace output encoding in the application.

🧯 If You Can't Patch

  • Restrict CacheCloud web interface to internal network only
  • Implement strict session management with short timeouts and cookies carrying the Secure and HttpOnly flags

🔍 How to Verify

Check if Vulnerable:

Check whether the CacheCloud version is 3.2.0 or earlier, and review AppController.java for missing input sanitization in the doAppList/appCommandAnalysis functions

Check Version:

Check pom.xml or application.properties for version information

Verify Fix Applied:

Test XSS payloads against the affected endpoints in a test environment; a payload that executes indicates the fix is not in place

📡 Detection & Monitoring

Log Indicators:

  • Unusually long parameter values in /app/list or /app/command requests
  • JavaScript patterns in URL parameters

Network Indicators:

  • HTTP requests with script tags or javascript: in query parameters

SIEM Query:

(web.url:*script* OR web.url:*javascript:*) AND dest.port:8080 AND dest.app:"cachecloud"

The OR clause must be parenthesized; otherwise AND binds tighter and the port/app filters apply only to the second term. Expect noise from the `*script*` wildcard (it also matches paths such as /static/js/script.js and words like "description"); review matches against decoded parameter values.
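The log indicators above can be turned into a small detector that URL-decodes query parameters (twice, to catch double-encoded payloads) and only inspects the two paths the advisory names. The following is an added example written for this page, not code from the advisory or from CacheCloud; it assumes Common Log Format access logs, the endpoint paths /app/list and /app/command from the indicators above, and a 256-character threshold for "unusually long" parameters. All log lines are constructed samples.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Paths taken from the advisory's log indicators (assumed request paths)
MONITORED_PATHS = {"/app/list", "/app/command"}

# Patterns that indicate a script injection attempt, matched case-insensitively
XSS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*/?\s*script", re.IGNORECASE)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
]

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (not real CacheCloud output); the last two lines are
# benign requests that a naive "*script*" wildcard would still match.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [10/Jan/2025:12:00:01 +0000] "GET /app/list?appName=cache-01 HTTP/1.1" 200 5120',
    '10.0.0.7 - - [10/Jan/2025:12:00:02 +0000] "GET /app/list?appName=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Jan/2025:12:00:03 +0000] "GET /app/command?appId=42&command=info HTTP/1.1" 200 800',
    '10.0.0.9 - - [10/Jan/2025:12:00:04 +0000] "GET /app/command?appId=42&command=javascript%3Aalert(1) HTTP/1.1" 200 800',
    '10.0.0.8 - - [10/Jan/2025:12:00:05 +0000] "GET /app/list?appName=%253Cscript%253E HTTP/1.1" 200 5120',
    f'10.0.0.11 - - [10/Jan/2025:12:00:06 +0000] "GET /app/list?appName={"A" * 300} HTTP/1.1" 200 5120',
    '10.0.0.3 - - [10/Jan/2025:12:00:07 +0000] "GET /static/js/script.js HTTP/1.1" 200 300',
    '10.0.0.4 - - [10/Jan/2025:12:00:08 +0000] "GET /app/list?appName=description HTTP/1.1" 200 5120',
])


def inspect_request(target: str, max_param_len: int = 256):
    """Return (param, reason) findings for one request target on a monitored path."""
    parts = urlsplit(target)
    if parts.path not in MONITORED_PATHS:
        return []
    findings = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decoded once; decode again so %253C (double-encoded '<') is caught
        value = unquote(raw)
        if len(value) > max_param_len:
            findings.append((name, "long_parameter"))
        for label, pattern in XSS_PATTERNS:
            if pattern.search(value):
                findings.append((name, label))
    return findings


def analyze_log(text: str, max_param_len: int = 256):
    """Scan access-log text and return one alert dict per suspicious parameter."""
    alerts = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        for param, reason in inspect_request(m["target"], max_param_len):
            alerts.append({
                "ip": m["ip"],
                "path": urlsplit(m["target"]).path,
                "param": param,
                "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    for alert in analyze_log(SAMPLE_LOG):
        print(alert)
```

Running the block prints four alerts (two script tags, one javascript: URI, one over-long parameter) and none for the static script file or the "description" value, which is the false-positive class the SIEM wildcard query cannot distinguish on its own.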
