CVE-2025-15201

3.5 LOW

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud up to version 3.2.0. The flaw in the redirectNoPower function allows attackers to inject malicious scripts that execute in users' browsers. Organizations using vulnerable CacheCloud instances are affected, particularly if the application is internet-facing.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: Up to and including 3.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to account compromise or data theft.

🟠 Likely Case

Attackers inject malicious scripts to steal session tokens or credentials from users who interact with the vulnerable endpoint.

🟢 If Mitigated

With proper input validation and output encoding, the impact is limited to script execution in isolated browser contexts without access to sensitive data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit has been published and remote exploitation is possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Monitor the GitHub repository for updates.

🔧 Temporary Workarounds

Implement WAF Rules

all

Deploy a web application firewall with XSS detection and prevention rules to block malicious payloads.

Input Validation Filter

all

Add server-side input validation to sanitize user inputs before processing in the redirectNoPower function.

🧯 If You Can't Patch

  • Restrict access to the CacheCloud application using network segmentation or firewall rules to limit exposure.
  • Implement Content Security Policy (CSP) headers to mitigate the impact of successful XSS attacks.

🔍 How to Verify

Check if Vulnerable:

Check if CacheCloud version is 3.2.0 or earlier by examining the application version in the web interface or configuration files.

Check Version:

Check application.properties or similar configuration files for version information.

Verify Fix Applied:

Test the redirectNoPower endpoint with XSS payloads to confirm they are properly sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /redirectNoPower endpoint with script tags or JavaScript payloads in parameters

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript code in URL parameters

SIEM Query:

web.url:*redirectNoPower* AND (web.param:*<script>* OR web.param:*javascript:*)
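
The wildcard query above only matches literal `<script>` and `javascript:` strings, so a percent-encoded request will not trigger it. The following is an added example, not part of the original advisory or the CacheCloud project: a log scanner that decodes the query string before checking for the same indicators. The access-log format, the sample lines, and the `msg` parameter name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Indicators taken from the page: script tags and javascript: URIs.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)
# Request line of a common/combined-format access log (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253Cscript is seen as <script."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(log_line):
    """True if the line is a redirectNoPower request carrying an indicator."""
    match = REQUEST.search(log_line)
    if not match:
        return False
    target = urlsplit(match.group(1))
    # Same scoping as the SIEM query: any path containing redirectNoPower.
    if "redirectnopower" not in target.path.lower():
        return False
    return bool(SUSPICIOUS.search(fully_decode(target.query)))


def scan(lines):
    """Return the log lines that should be reviewed."""
    return [line for line in lines if is_suspicious(line)]


# Constructed sample log lines; 'msg' is a hypothetical parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jan/2026:10:00:01 +0000] "GET /redirectNoPower?msg=no+permission HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jan/2026:10:00:05 +0000] "GET /redirectNoPower?msg=<script>alert(1)</script> HTTP/1.1" 200 540',
    '203.0.113.9 - - [02/Jan/2026:10:00:09 +0000] "GET /redirectNoPower?msg=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [02/Jan/2026:10:00:12 +0000] "GET /redirectNoPower?msg=%253Cscript%253Ealert(1) HTTP/1.1" 200 540',
    '203.0.113.4 - - [02/Jan/2026:10:00:20 +0000] "GET /index?q=%3Cscript%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the three redirectNoPower requests carrying a literal, singly encoded, or doubly encoded script tag are reported; the benign request and the unrelated path are skipped.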
