CVE-2025-15203

2.4 LOW

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud up to version 3.2.0 that allows attackers to inject malicious scripts into web pages. The vulnerability affects users who access the vulnerable CacheCloud interface, potentially allowing session hijacking or credential theft. Attackers can exploit this remotely without authentication.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: Up to and including 3.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the ResourceController.java index function. Requires the CacheCloud web interface to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, redirect users to malicious sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Attackers inject malicious scripts that steal session cookies or credentials from users who visit the vulnerable page, potentially leading to unauthorized access.

🟢 If Mitigated

With proper input validation and output encoding, the vulnerability would be prevented, and impact would be limited to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in the GitHub issue. Remote exploitation is possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Monitor the GitHub repository for patches.
2. Apply any official patch when available.
3. Restart the CacheCloud service after patching.

🔧 Temporary Workarounds

Implement WAF Rules

all

Deploy a web application firewall with XSS protection rules to block malicious payloads.

Input Validation Filter

all

Add input validation to sanitize user input in the ResourceController index function.

🧯 If You Can't Patch

  • Restrict access to the CacheCloud web interface using network segmentation or firewall rules.
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact.

🔍 How to Verify

Check if Vulnerable:

Check if CacheCloud version is 3.2.0 or earlier and the web interface is accessible.

Check Version:

Check application configuration or deployment files for version information.

Verify Fix Applied:

Verify that input to the ResourceController index function is properly sanitized and output encoded.

📡 Detection & Monitoring

Log Indicators:

  • Unusual input patterns in web access logs containing script tags or JavaScript code

Network Indicators:

  • HTTP requests with suspicious parameters containing script payloads

SIEM Query:

web_access_logs WHERE url CONTAINS '<script' OR url CONTAINS 'javascript:'
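
The query above matches literal substrings only, so percent-encoded or mixed-case input would not be flagged. The Python sketch below is an added example (not part of the original advisory or the CacheCloud project) that decodes each request target before applying the same two patterns. The combined log format, the paths and the parameter names are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus

# Same two substrings as the SIEM query on this page, matched case-insensitively.
PATTERNS = ("<script", "javascript:")

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding we unwrap

def normalize(target: str) -> str:
    """Percent-decode repeatedly (bounded) and lowercase, so encoded input matches."""
    current = target
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current.lower()

def suspicious_requests(lines):
    """Return (line_number, matched_pattern, decoded_target) for each hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse
        target = normalize(match.group("target"))
        for pattern in PATTERNS:
            if pattern in target:
                hits.append((number, pattern, target))
                break
    return hits

# Constructed sample log lines (paths and parameter names are placeholders).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /example/list?name=redis HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:05 +0000] "GET /example/list?name=%3CScRiPt%3Ex%3C/script%3E HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2026:10:00:09 +0000] "GET /example/list?name=%253Cscript%253E HTTP/1.1" 200 530',
    '10.0.0.7 - - [01/Jan/2026:10:00:12 +0000] "GET /example/list?next=JavaScript%3Avoid(0) HTTP/1.1" 200 498',
    '10.0.0.5 - - [01/Jan/2026:10:00:20 +0000] "GET /docs/javascript-guide HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, pattern, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: matched {pattern!r} in {target}")
```

Only the request line is inspected, so input carried in POST bodies needs request-body logging or WAF telemetry instead.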
