Plateforme
java
Composant
cachecloud
Corrigé dans
3.0.1
3.1.1
3.2.1
CVE-2025-15171 describes a cross-site scripting (XSS) vulnerability discovered in SohuTV CacheCloud versions 3.0 through 3.2.0. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or session hijacking. A public exploit is available, increasing the risk of exploitation. The vulnerability is addressed in version 3.2.1.
The XSS vulnerability in SohuTV CacheCloud allows attackers to execute arbitrary JavaScript code within the context of a user's browser. This can be exploited to steal sensitive information, such as cookies and session tokens, which can then be used to impersonate the user. Attackers could also redirect users to malicious websites or deface the application. Given the public availability of an exploit, the risk of exploitation is elevated, particularly for systems that haven't been patched. The potential blast radius extends to all users of the affected CacheCloud instances.
CVE-2025-15171 has been publicly disclosed and a proof-of-concept exploit is available. This significantly increases the likelihood of exploitation. The vulnerability was reported to the project early, but there has been no response. The CVSS score is LOW, but the public exploit and lack of vendor response warrant immediate attention. It has not been added to the CISA KEV catalog as of this writing.
Organizations utilizing SohuTV CacheCloud for caching and content delivery are at risk, particularly those running versions 3.0 through 3.2.0. Shared hosting environments where multiple users share the same CacheCloud instance are especially vulnerable, as an attacker could potentially exploit the vulnerability to target other users.
• java / server: Examine application logs for suspicious JavaScript payloads or unusual URL parameters in requests to the /index endpoint.
grep -i 'script' /var/log/application.log• generic web: Use curl to test the /index endpoint with various payloads containing <script> tags or event handlers.
curl -X POST -d '<script>alert("XSS")</script>' http://your-cachecloud-instance/index• generic web: Check response headers for the presence of Content-Security-Policy (CSP) directives that might mitigate XSS attacks.
curl -I http://your-cachecloud-instance/indexdisclosure
Statut de l'Exploit
EPSS
0.03% (percentile 9%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-15171 is to upgrade to SohuTV CacheCloud version 3.2.1 or later. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the affected ServerController.java index function to sanitize user-supplied data. Web application firewalls (WAFs) can be configured to detect and block XSS attempts targeting this specific vulnerability. Regularly review access logs for suspicious activity, particularly requests containing unusual characters or patterns that might indicate an attempted XSS attack.
Actualice CacheCloud a una versión posterior a la 3.2.0, si está disponible, para corregir la vulnerabilidad XSS. Si no hay una versión corregida disponible, revise y sanitize las entradas del usuario en la función index del archivo ServerController.java para prevenir la inyección de código malicioso.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-15171 is a cross-site scripting (XSS) vulnerability affecting SohuTV CacheCloud versions 3.0-3.2.0, allowing attackers to inject malicious scripts.
You are affected if you are running SohuTV CacheCloud versions 3.0, 3.1, or 3.2.0. Upgrade to 3.2.1 or later to mitigate the risk.
Upgrade to SohuTV CacheCloud version 3.2.1 or later. Implement input validation and output encoding as a temporary workaround.
A public exploit exists, indicating a high probability of active exploitation. Immediate action is recommended.
Check the SohuTV CacheCloud official website or GitHub repository for the advisory, although no response has been reported as of this writing.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier pom.xml et nous te dirons instantanément si tu es affecté.