CVE-2025-15200
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into the SohuTV CacheCloud web interface through specific controller functions. When exploited, it enables cross-site scripting attacks that can steal user sessions or redirect users to malicious sites. Organizations using CacheCloud versions up to 3.2.0 are affected.
💻 Affected Systems
- SohuTV CacheCloud
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, compromise the CacheCloud management interface, and potentially gain control over the Redis cache infrastructure.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies, leading to account takeover of CacheCloud administrators.
If Mitigated
With proper input validation and output encoding, the impact is limited to minor UI disruption without data compromise.
🎯 Exploit Status
Exploit details are publicly available in GitHub issues. Attack requires user interaction with malicious links or forms.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: Yes
Instructions:
No official patch available. Monitor GitHub repository for updates. Consider implementing input validation and output encoding in affected controller functions.
🔧 Temporary Workarounds
Implement Input Validation
Add server-side validation to sanitize user input in affected controller functions
Modify src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java to implement proper input sanitization
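The two layers the workaround describes, allow-list validation on the way in and HTML encoding on the way out, shown side by side as an added, language-neutral illustration in Python. This is not CacheCloud's code: the parameter names `clientIp` and `appId` and their expected shapes are assumptions for the example, not the real controller's signature. The "before" renderer reflects the parameter unchanged; the "after" renderer encodes at the output boundary, and `handle_request` combines both layers.

```python
import html
import re

# Assumed parameter names and shapes for a "statistics by client" request:
# clientIp is expected to be a hostname or IPv4 literal, appId a decimal number.
# These are assumptions for the example, not the real controller's signature.
CLIENT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-]{0,252}$")
APP_ID_RE = re.compile(r"^[0-9]{1,12}$")


class ValidationError(ValueError):
    """Raised when a request parameter falls outside the allow-list."""


def validate_client_params(params: dict) -> dict:
    """Allow-list validation: reject anything outside the expected character set."""
    client = params.get("clientIp", "")
    app_id = params.get("appId", "")
    if not CLIENT_RE.fullmatch(client):
        raise ValidationError("clientIp must be a hostname or IPv4 address")
    if not APP_ID_RE.fullmatch(app_id):
        raise ValidationError("appId must be numeric")
    return {"clientIp": client, "appId": int(app_id)}


def is_valid(params: dict) -> bool:
    """Convenience wrapper that reports validation as a boolean."""
    try:
        validate_client_params(params)
        return True
    except ValidationError:
        return False


def render_vulnerable(client: str) -> str:
    """'Before' shape: the request parameter is reflected into HTML unchanged."""
    return f"<h2>Command statistics for {client}</h2>"


def render_hardened(client: str) -> str:
    """'After' shape: HTML-encode at the output boundary, independent of validation.

    html.escape with quote=True also encodes " and ', so the value is safe inside
    attribute values as well as element text.
    """
    return f"<h2>Command statistics for {html.escape(client, quote=True)}</h2>"


def handle_request(params: dict) -> str:
    """Both layers together: validate on input, encode on output."""
    clean = validate_client_params(params)
    return render_hardened(clean["clientIp"])


if __name__ == "__main__":
    # Constructed inputs: one benign request and one carrying a script tag.
    print(handle_request({"clientIp": "10.0.0.7", "appId": "100"}))
    print(render_vulnerable("<script>alert(1)</script>"))
    print(render_hardened("<script>alert(1)</script>"))
    print(is_valid({"clientIp": "<script>alert(1)</script>", "appId": "100"}))
```

Encoding belongs at the point where the value is written into the response, not where it is read, because the same value may later be rendered in more than one context. In the Java controller the equivalent of `html.escape` is a context-aware encoder such as OWASP Java Encoder's `Encode.forHtml`, or a template engine that escapes by default.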
Web Application Firewall
Deploy a WAF with XSS protection rules to filter malicious requests
🧯 If You Can't Patch
- Restrict access to CacheCloud web interface to trusted networks only
- Implement Content Security Policy headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Check whether the CacheCloud version is 3.2.0 or earlier. Review whether AppClientDataShowController.java lacks proper input validation in the getExceptionStatisticsByClient, getCommandStatisticsByClient, and doIndex functions.
Check Version:
Check pom.xml or application.properties for the version information
Verify Fix Applied:
Test with XSS payloads to verify input is properly sanitized. Check that user input is encoded before being rendered in responses.
📡 Detection & Monitoring
Log Indicators:
- Unusual parameter values containing script tags or JavaScript in requests to /app/client/data endpoints
- Multiple failed XSS attempts in web logs
Network Indicators:
- HTTP requests containing <script> tags or JavaScript in query parameters to CacheCloud web interface
SIEM Query:
source="cachecloud" AND (http.uri="*getExceptionStatisticsByClient*" OR http.uri="*getCommandStatisticsByClient*" OR http.uri="*doIndex*") AND (http.query="*<script>*" OR http.query="*javascript:*")
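The SIEM query above as a stand-alone scanner over web server access logs, added here as an example and not part of the advisory or of CacheCloud. It parses common-format access-log lines, scopes matches to the three handler names the advisory lists under the /app/client/data route (the exact route mapping in a deployment is an assumption), and percent-decodes the query string twice so that single- and double-encoded indicators are both caught, which a plain wildcard match on the raw URI would miss. The log lines are constructed for the example.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Common/combined access-log shape: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+'
)

# Handler names from the advisory. Matching on the path mirrors the SIEM
# query's "*handler*" wildcards; the /app/client/data prefix in the sample
# data is the route the advisory names and is assumed for this example.
WATCHED_HANDLERS = (
    "getExceptionStatisticsByClient",
    "getCommandStatisticsByClient",
    "doIndex",
)

# The two indicators the advisory lists: a script tag or a javascript: scheme.
SUSPICIOUS = re.compile(r"<\s*/?\s*script\b|javascript\s*:", re.IGNORECASE)


def parse_line(line: str):
    """Return the log fields as a dict, or None for a line that does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def decode_query(query: str) -> str:
    """Percent-decode twice so both single- and double-encoded payloads are visible."""
    once = unquote_plus(query)
    return once + " " + unquote_plus(once)


def classify(target: str):
    """Name the watched handler if the request targets one and carries an indicator."""
    parts = urlsplit(target)
    handler = next((h for h in WATCHED_HANDLERS if h in parts.path), None)
    if handler is None:
        return None
    return handler if SUSPICIOUS.search(decode_query(parts.query)) else None


def scan(lines):
    """Run every line through the parser and classifier; return the alerts found."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        handler = classify(rec["target"])
        if handler:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"],
                           "handler": handler, "target": rec["target"]})
    return alerts


# Constructed sample log: one benign request, two encoded indicators on watched
# handlers, one indicator outside the watched routes, one double-encoded payload.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /app/client/data/getCommandStatisticsByClient?appId=100&clientIp=10.0.0.7 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2025:10:00:01 +0000] "GET /app/client/data/getExceptionStatisticsByClient?appId=100&clientIp=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '198.51.100.9 - - [01/Jan/2025:10:00:02 +0000] "GET /app/client/data/doIndex?appId=javascript%3Aalert(1) HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2025:10:00:03 +0000] "GET /login?next=%3Cscript%3E HTTP/1.1" 302 0',
    '203.0.113.4 - - [01/Jan/2025:10:00:04 +0000] "GET /app/client/data/getCommandStatisticsByClient?appId=100&clientIp=%253Cscript%253E HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["ip"]} {alert["handler"]} {alert["target"]}')
```

The fourth sample line is deliberately left out of the alerts: the indicator is present but the request does not touch a watched handler, which is the scoping the SIEM query's `http.uri` clause provides. Extend `WATCHED_HANDLERS` if your deployment maps the controller to other paths, and feed the scanner from the access log of whatever reverse proxy fronts the CacheCloud interface.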
🔗 References
- https://github.com/sohutv/cachecloud/issues/372
- https://github.com/sohutv/cachecloud/issues/382
- https://vuldb.com/?ctiid.338587
- https://vuldb.com/?id.338587
- https://vuldb.com/?submit.716311
- https://vuldb.com/?submit.716323
- https://vuldb.com/?submit.716324