CVE-2025-15221

3.5 LOW

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into SohuTV CacheCloud web interfaces through the AppDataMigrateController. When users view affected pages, these scripts execute in their browsers, potentially stealing session cookies or performing actions on their behalf. Organizations using CacheCloud versions up to 3.2.0 are affected.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: Up to and including version 3.2.0
Operating Systems: All platforms running CacheCloud
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the index function of AppDataMigrateController.java and affects all deployments of vulnerable versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface the application, or redirect users to malicious sites, potentially leading to complete system compromise.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the CacheCloud web interface by injecting malicious JavaScript payloads.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting users who directly interact with maliciously crafted URLs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit has been published and remote exploitation is possible. Attackers can craft malicious URLs containing JavaScript payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Monitor the GitHub repository for updates: https://github.com/sohutv/cachecloud/issues/380

🔧 Temporary Workarounds

Implement Web Application Firewall (WAF)

Applies to: all platforms

Deploy a WAF with XSS protection rules to block malicious payloads before they reach the application.

Input Validation and Output Encoding

Applies to: all platforms

Manually add input validation and context-appropriate output encoding to the index function of AppDataMigrateController so that user-supplied values are never rendered into the page as raw HTML or JavaScript.

🧯 If You Can't Patch

  • Restrict access to CacheCloud web interface to trusted networks only using firewall rules.
  • Implement Content Security Policy (CSP) headers to mitigate script injection impact.

🔍 How to Verify

Check if Vulnerable:

Check if CacheCloud version is 3.2.0 or earlier. Review the AppDataMigrateController.java file for lack of input sanitization in the index function.

Check Version:

Check application configuration files or deployment manifests for version information.

Verify Fix Applied:

Test the application with XSS payloads in the affected endpoint to ensure they are properly sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript patterns in URL parameters
  • Multiple requests with script tags or JavaScript functions in query strings

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in URL parameters to CacheCloud endpoints

SIEM Query:

Search for web logs containing patterns like *<script>* or *javascript:* in URL parameters targeting CacheCloud endpoints.
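The log indicators and SIEM query above, turned into a small detector that can be run over web-server access logs. This is an added example, not code from CacheCloud or from the advisory: the log lines are constructed, and the endpoint path fragment `dataMigrate` is an assumption (the page names AppDataMigrateController but not the URL it serves), so adjust ENDPOINT_HINTS to the routes in your deployment. It goes one step beyond the query text by decoding percent-encoding (including double encoding) before matching.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access log lines in Combined Log Format (not real CacheCloud logs).
# The endpoint path is an ASSUMPTION: the advisory names AppDataMigrateController
# but does not give its URL, so tune ENDPOINT_HINTS to the real routes.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2025:10:01:02 +0000] "GET /admin/app/dataMigrate/index?appId=123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Jan/2025:10:02:11 +0000] "GET /admin/app/dataMigrate/index?appId=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "curl/8.0"
10.0.0.9 - - [12/Jan/2025:10:02:40 +0000] "GET /admin/app/dataMigrate/index?redirect=javascript:alert(document.cookie) HTTP/1.1" 200 640 "-" "curl/8.0"
10.0.0.7 - - [12/Jan/2025:10:03:00 +0000] "GET /admin/app/list?search=%3Cscript%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

ENDPOINT_HINTS = ("datamigrate",)  # assumed path fragment; adjust per deployment
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
# The two markers from the advisory's SIEM guidance: script tags and javascript: URLs.
XSS_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so %253C-style double encoding is caught."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_target_endpoint(path):
    p = path.lower()
    return any(h in p for h in ENDPOINT_HINTS)

def find_xss_attempts(log_text, require_endpoint=True):
    """Return (ip, path, decoded_query) for requests whose query string carries an XSS marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        parts = urlsplit(m.group("url"))
        if require_endpoint and not is_target_endpoint(parts.path):
            continue  # only flag the suspected CacheCloud endpoint unless told otherwise
        query = decode_fully(parts.query)
        if XSS_RE.search(query):
            hits.append((m.group("ip"), parts.path, query))
    return hits

if __name__ == "__main__":
    for ip, path, q in find_xss_attempts(SAMPLE_LOG):
        print(f"{ip} -> {path} ?{q}")
```

Set `require_endpoint=False` to sweep every path for the same markers, which is the broader search the log indicators above describe.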
