Plateforme
java
Composant
cachecloud
Corrigé dans
3.0.1
3.1.1
3.2.1
CVE-2025-15201 describes a cross-site scripting (XSS) vulnerability discovered in SohuTV CacheCloud versions 3.0 through 3.2.0. This flaw allows an attacker to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The vulnerability resides within the redirectNoPower function and can be exploited remotely. A fix is available in version 3.2.1.
Successful exploitation of CVE-2025-15201 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to a variety of malicious outcomes, including the theft of sensitive information like session cookies, redirection to phishing sites, and modification of the application's content. Given the remote nature of the vulnerability and the availability of a public exploit, the potential for widespread exploitation is significant. While the CVSS score is LOW, the ease of exploitation and potential impact on user data warrant immediate attention.
A public proof-of-concept (PoC) for CVE-2025-15201 has been published, indicating a relatively low barrier to entry for attackers. The vulnerability was reported to the project early, but there has been no response. The EPSS score is likely to be medium, reflecting the availability of a PoC and the potential for exploitation. This CVE was published on 2025-12-29.
Organizations using SohuTV CacheCloud in production, particularly those running versions 3.0 through 3.2.0, are at risk. Shared hosting environments where multiple users share the same CacheCloud instance are especially vulnerable, as an attacker could potentially compromise other users' sessions.
• java / server: Examine application logs for requests containing suspicious JavaScript payloads targeting the /WebResourceController/redirectNoPower endpoint.
• generic web: Use curl or wget to test the /WebResourceController/redirectNoPower endpoint with various XSS payloads. Example:
curl 'http://<cachecloud_ip>/WebResourceController/redirectNoPower?param=<script>alert("XSS")</script>' -vdisclosure
poc
Statut de l'Exploit
EPSS
0.03% (percentile 9%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-15201 is to upgrade to SohuTV CacheCloud version 3.2.1 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing input validation and output encoding on user-supplied data within the WebResourceController.java file to prevent script injection. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Monitor application logs for suspicious activity, particularly requests targeting the redirectNoPower function.
Actualice CacheCloud a una versión posterior a la 3.2.0. Si no es posible actualizar, revise y sanitize las entradas de usuario en la función redirectNoPower del archivo src/main/java/com/sohu/cache/web/controller/WebResourceController.java para evitar la inyección de código malicioso.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-15201 is a cross-site scripting (XSS) vulnerability affecting SohuTV CacheCloud versions 3.0-3.2.0, allowing attackers to inject malicious scripts remotely.
You are affected if you are using SohuTV CacheCloud versions 3.0, 3.1, or 3.2.0. Upgrade to 3.2.1 or later to mitigate the risk.
Upgrade to SohuTV CacheCloud version 3.2.1 or later. Implement input validation and output encoding as a temporary workaround.
A public proof-of-concept exists, suggesting a potential for active exploitation. Monitor your systems for suspicious activity.
Refer to the SohuTV CacheCloud project's official website or communication channels for the advisory related to CVE-2025-15201.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier pom.xml et nous te dirons instantanément si tu es affecté.