Platform
java
Component
cachecloud
Fixed in
3.0.1
3.1.1
3.2.1
CVE-2025-15200 describes a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud versions 3.0 through 3.2.0. It allows an attacker to inject script into pages viewed by other CacheCloud users, which can lead to data theft or session hijacking. The flaw lies in the getExceptionStatisticsByClient, getCommandStatisticsByClient and doIndex functions of AppClientDataShowController.java, where user-controlled input is rendered without adequate output encoding. A patch is available in version 3.2.1.
Successful exploitation allows an attacker to run arbitrary JavaScript in the context of a victim's browser session with the CacheCloud application. This can be used to steal cookies, session tokens and other data exposed to the page, to redirect the victim to an attacker-controlled site, or to deface the application. Exploitation is remote and requires no local access to the system, but, as with any XSS, it does require a victim, typically an authenticated CacheCloud operator, to load the crafted content. Because an exploit is public, the risk of near-term exploitation is elevated.
The vulnerability has been publicly disclosed together with exploit code, which increases the likelihood of exploitation. It was added to the NVD on 2025-12-29. According to the disclosure, the project maintainers did not respond to the report, which may indicate limited active maintenance or a delayed response to security issues. Note that the EPSS score at the time of writing is low (0.07%, 22nd percentile) despite the public exploit; EPSS estimates the probability of exploitation in the wild over the next 30 days and is not a measure of severity, so prioritise the upgrade on the basis of exposure and the available exploit rather than on EPSS alone.
Exploit Status: public exploit available
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2025-15200 is to upgrade SohuTV CacheCloud to version 3.2.1 or later, which contains the fix. If upgrading is not immediately feasible, apply context-appropriate output encoding wherever the affected handlers (getExceptionStatisticsByClient, getCommandStatisticsByClient, doIndex) render user-supplied values, and validate those inputs against the formats they are expected to have. A web application firewall tuned to block common XSS payloads adds a temporary layer of protection, but it is a stopgap that a determined attacker can often bypass, not a substitute for the fix. After upgrading, verify the fix by sending a harmless marker containing HTML metacharacters to the affected endpoints and confirming that it comes back encoded rather than verbatim.
Update CacheCloud to version 3.2.1 or later, where the XSS is fixed. If no fixed version can be deployed, review the getExceptionStatisticsByClient, getCommandStatisticsByClient and doIndex methods in AppClientDataShowController.java, sanitize the user inputs they accept, and encode every user-supplied value they emit for its output context so that injected markup cannot execute.
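The verification step above (confirm that a marker with HTML metacharacters is returned encoded, not verbatim) is easy to get wrong by eye, so here is a small checker. This is an added example written for this advisory, not CacheCloud project code. It builds a random canary containing `<`, `>`, `"` and `'`, sends it in one parameter at a time, and classifies how the response reflects it. The URL paths and parameter names in `TARGETS` are placeholders (assumptions): the real Spring MVC request mappings and parameter names of the three handlers must be read from the deployed version's AppClientDataShowController.java. The two responses used by `demo()` are constructed, not captured from CacheCloud.

```python
"""Reflected-input check for the endpoints named in CVE-2025-15200.

Added example for this advisory; not CacheCloud project code. Paths and
parameter names below are PLACEHOLDERS (assumptions) to be replaced with the
real mappings of getExceptionStatisticsByClient, getCommandStatisticsByClient
and doIndex from the deployed AppClientDataShowController.java."""
import html
import secrets
import sys
import urllib.parse
import urllib.request

# Per-character encodings a correct output encoder may emit: HTML named
# entities (two common forms for the apostrophe), decimal and hex entities,
# and \u escapes for a value embedded in JSON or a <script> block.
ENCODINGS = (
    {"<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"},
    {"<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;"},
    {"<": "&#60;", ">": "&#62;", '"': "&#34;", "'": "&#39;"},
    {"<": "&#x3c;", ">": "&#x3e;", '"': "&#x22;", "'": "&#x27;"},
    {"<": "\\u003c", ">": "\\u003e", '"': "\\u0022", "'": "\\u0027"},
)


def make_canary() -> str:
    """Random marker wrapped in the metacharacters an encoder must neutralise.
    Randomness keeps a cached or stale page from producing a false result.
    Shape: <ccXXXXXXXX"'> (14 characters)."""
    return f'<cc{secrets.token_hex(4)}"\'>'


def encoded_forms(canary: str) -> list[str]:
    """The canary as each recognised encoder would emit it."""
    return ["".join(table.get(ch, ch) for ch in canary) for table in ENCODINGS]


def classify_reflection(body: str, canary: str) -> str:
    """'unescaped': the canary, or at least '<' plus the marker, is reflected
                 verbatim, i.e. the XSS condition still holds.
    'escaped':   only a fully encoded form is present; the fix is effective.
    'partial':   marker reflected but neither verbatim nor in a recognised
                 encoded form (e.g. '<' encoded but quotes raw, which is still
                 exploitable inside an attribute value); inspect by hand.
    'absent':    the parameter is not reflected into this response at all."""
    marker = canary.strip('<>"\'')
    if canary in body or ("<" + marker) in body:
        return "unescaped"
    if any(form in body for form in encoded_forms(canary)):
        return "escaped"
    if marker in body:
        return "partial"
    return "absent"


def probe(base_url: str, path: str, params: dict[str, str],
          cookie: str = "", timeout: float = 10.0) -> dict[str, str]:
    """Inject a fresh canary into one parameter at a time and classify each
    response. CacheCloud pages normally require a login, so pass the session
    cookie. Run only against instances you are authorised to test."""
    results = {}
    for name in params:
        canary = make_canary()
        query = dict(params, **{name: canary})
        url = f"{base_url.rstrip('/')}{path}?{urllib.parse.urlencode(query)}"
        req = urllib.request.Request(url, headers={"Cookie": cookie} if cookie else {})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            charset = resp.headers.get_content_charset() or "utf-8"
            body = resp.read().decode(charset, "replace")
        results[name] = classify_reflection(body, canary)
    return results


# PLACEHOLDER targets (assumptions, not taken from CacheCloud): replace with
# the real request mappings and parameter names of the three handlers.
TARGETS = [
    ("/PLACEHOLDER/getExceptionStatisticsByClient", {"PLACEHOLDER_PARAM": "1"}),
    ("/PLACEHOLDER/getCommandStatisticsByClient", {"PLACEHOLDER_PARAM": "1"}),
    ("/PLACEHOLDER/doIndex", {"PLACEHOLDER_PARAM": "1"}),
]


def demo() -> dict[str, str]:
    """Offline run on two constructed responses (not captured from CacheCloud):
    one echoing the parameter raw, one passing it through an HTML encoder."""
    canary = make_canary()
    vulnerable = f"<html><body><h2>Client: {canary}</h2></body></html>"
    fixed = f"<html><body><h2>Client: {html.escape(canary)}</h2></body></html>"
    return {"vulnerable": classify_reflection(vulnerable, canary),
            "fixed": classify_reflection(fixed, canary)}


if __name__ == "__main__":
    print(demo())  # offline self-check: {'vulnerable': 'unescaped', 'fixed': 'escaped'}
    if len(sys.argv) > 1:  # python check.py https://cachecloud.example.internal [cookie]
        cookie = sys.argv[2] if len(sys.argv) > 2 else ""
        for path, params in TARGETS:
            print(path, probe(sys.argv[1], path, params, cookie=cookie))
```

A result of "unescaped" on any endpoint after the upgrade means the instance is still vulnerable (or a different version is actually running); "partial" needs a manual look at the surrounding markup, because tag encoding alone does not protect a value placed inside an attribute. The check only covers reflection into the page that answers the request, so a stored variant, where the payload is persisted and rendered on a later page, would need the later page fetched and classified with the same canary.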
CVE-2025-15200 is a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud versions 3.0 through 3.2.0 that allows attackers to inject malicious scripts into pages viewed by other users.
You are affected if you are running SohuTV CacheCloud version 3.0 through 3.2.0. Upgrade to 3.2.1 or later to mitigate the risk.
Upgrade SohuTV CacheCloud to version 3.2.1 or later. Implement input validation and output encoding as a temporary workaround.
Yes, a public exploit is available. Public exploit code raises the likelihood of opportunistic exploitation, although the EPSS score (0.07%, 22nd percentile) is currently low.
Refer to the SohuTV CacheCloud project's official website or security advisory page for the latest information.