Platform: java
Component: cachecloud
Fixed in: 3.0.1, 3.1.1, 3.2.1
CVE-2025-15220 is a cross-site scripting (XSS) vulnerability affecting SohuTV CacheCloud versions 3.0 to 3.2.0. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerability resides within the init function of the LoginController.java file and can be exploited remotely. A fix is available in version 3.2.1.
Successful exploitation of CVE-2025-15220 allows an attacker to execute arbitrary JavaScript code within the context of a victim's browser session. This can lead to a wide range of malicious activities, including stealing session cookies, redirecting users to phishing sites, and injecting malicious content into the application. The remote nature of the vulnerability means an attacker doesn't need to be on the same network as the CacheCloud server. Given the public availability of an exploit, the risk of immediate exploitation is elevated. The potential impact extends to any user interacting with the vulnerable CacheCloud application, particularly those logging in or accessing user-specific data.
CVE-2025-15220 has a public proof-of-concept available, indicating a higher likelihood of exploitation. The vulnerability was reported to the project but remains unaddressed, increasing the risk. The vulnerability is not currently listed on CISA KEV, but its public exploit and the lack of a response from the vendor warrant close monitoring. The NVD entry was published on 2025-12-30.
Organizations utilizing SohuTV CacheCloud versions 3.0 through 3.2.0 are at risk. This includes those deploying CacheCloud in production environments, particularly those handling sensitive user data or integrating with other critical systems. Shared hosting environments using CacheCloud are also at increased risk due to the potential for cross-tenant exploitation.
• java / server: Examine application logs for unusual characters or patterns in login requests. Use a debugger to step through the LoginController.java code and observe how user input is handled.
• generic web: Use curl to test the login endpoint with various XSS payloads (e.g., <script>alert(1)</script>). Check response headers for Content-Security-Policy (CSP) settings.
• generic web: Monitor network traffic for suspicious requests originating from the CacheCloud server.
• generic web: Use a web application scanner to identify potential XSS vulnerabilities.
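As an added example (not CacheCloud project code) of the log review suggested above, the class below filters access-log lines for the login endpoint whose query string, after URL decoding, carries markup typical of reflected-XSS probing. The log layout, the /users/login path and the userName parameter are assumptions made for illustration; the sample lines are constructed, not real traffic.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Flags access-log lines whose login request contains markup that has no
// legitimate place in a user name or password field.
public class LoginLogCheck {

    // Matched case-insensitively against the URL-decoded line.
    private static final Pattern SUSPICIOUS = Pattern.compile(
        "<\\s*script|<\\s*img|<\\s*svg|javascript\\s*:|\\bon\\w+\\s*=",
        Pattern.CASE_INSENSITIVE);

    // Assumed login path; extend the check to other pages that reflect input.
    private static final String LOGIN_PATH = "/users/login";

    // Returns the original log lines that deserve a closer look.
    public static List<String> suspiciousLines(List<String> logLines) {
        List<String> hits = new ArrayList<>();
        for (String line : logLines) {
            if (!line.contains(LOGIN_PATH)) continue;
            // Decode twice: double-encoded payloads are a common way to slip past naive filters.
            String decoded = decodeSafely(decodeSafely(line));
            if (SUSPICIOUS.matcher(decoded).find()) hits.add(line);
        }
        return hits;
    }

    private static String decodeSafely(String s) {
        try {
            return URLDecoder.decode(s, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return s; // malformed %-sequence: keep the raw text rather than fail
        }
    }

    public static void main(String[] args) {
        // Constructed sample lines in a common access-log layout (not real traffic).
        List<String> sample = List.of(
            "10.0.0.5 - - [30/Dec/2025:10:01:02 +0000] \"GET /users/login?userName=alice HTTP/1.1\" 200 512",
            "10.0.0.9 - - [30/Dec/2025:10:01:07 +0000] \"GET /users/login?userName=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1\" 200 640",
            "10.0.0.9 - - [30/Dec/2025:10:01:09 +0000] \"GET /users/login?userName=x%2522%2520onerror%253Dalert(1) HTTP/1.1\" 200 640",
            "10.0.0.7 - - [30/Dec/2025:10:02:00 +0000] \"GET /admin/app/list?search=%3Cscript%3E HTTP/1.1\" 200 900"
        );
        for (String hit : suspiciousLines(sample)) {
            System.out.println("review: " + hit);
        }
    }
}
```

Run with javac and java; the second and third sample lines are reported (the third only because of the second decoding pass), while the fourth is skipped because it is not a login request. Treat the result as a triage filter for analysts, not as a verdict: the patterns are deliberately broad and a match only says the request is worth a look.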
disclosure
poc
Exploit Status: disclosure, poc
EPSS: 0.04% (12th percentile)
CISA SSVC: not listed
CVSS vector: not listed
The primary mitigation for CVE-2025-15220 is to upgrade to SohuTV CacheCloud version 3.2.1 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as strict input validation and output encoding on user-supplied data within the LoginController.java file. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a layer of protection. Monitor application logs for suspicious activity, particularly requests containing unusual characters or patterns that might indicate an attempted XSS attack. After upgrading, confirm the fix by attempting to inject a simple XSS payload through the login form and verifying that it is properly sanitized.
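To make the "input validation and output encoding" workaround concrete, here is an added example (not CacheCloud's own LoginController code) of a hypothetical login handler that echoes the submitted user name into its HTML. The vulnerable form concatenates the parameter straight into markup; the hardened form allow-list validates it and HTML-encodes whatever is echoed back. The userName parameter, the message text and the validation rule are assumptions made for illustration.

```java
import java.util.Map;

// Vulnerable and hardened renderings of a login error message.
public class LoginPageHardening {

    // Vulnerable pattern: the request parameter is concatenated straight into markup,
    // so a value such as <script>alert(1)</script> becomes live script in the page.
    public static String renderVulnerable(Map<String, String> params) {
        String userName = params.getOrDefault("userName", "");
        return "<p>Login failed for " + userName + "</p>";
    }

    // Hardened pattern: reject input that is not a plausible user name, then
    // encode whatever is echoed so the browser treats it as text, not markup.
    public static String renderHardened(Map<String, String> params) {
        String userName = params.getOrDefault("userName", "");
        if (!isValidUserName(userName)) {
            // Do not echo the rejected value at all.
            return "<p>Login failed: invalid user name.</p>";
        }
        return "<p>Login failed for " + htmlEncode(userName) + "</p>";
    }

    // Allow-list validation (assumed rule): letters, digits, dot, underscore, hyphen; 1 to 64 chars.
    public static boolean isValidUserName(String s) {
        return s.matches("[A-Za-z0-9._-]{1,64}");
    }

    // Minimal HTML entity encoder for text placed in an element body or a quoted
    // attribute. In real code prefer a maintained encoder such as OWASP Java Encoder.
    public static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed probe value of the kind used to confirm a fix after upgrading.
        Map<String, String> probe = Map.of("userName", "<script>alert(1)</script>");
        System.out.println(renderVulnerable(probe));                       // markup reaches the page
        System.out.println(renderHardened(probe));                         // rejected by validation
        System.out.println(renderHardened(Map.of("userName", "alice")));   // normal case
        System.out.println(htmlEncode("O'Neil & <co>"));                   // encoding alone
    }
}
```

The two controls are independent: validation stops the login page from echoing anything that is not a user name, and encoding protects any path where a free-form value must be reflected. Encoding is the one that matters for the XSS itself; keep it at the output point (template or view helper) rather than only at the input, and choose the encoder for the context the value lands in (element body, attribute, URL or script are all different).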
Update CacheCloud to a version later than 3.2.0 that fixes the cross-site scripting (XSS) vulnerability. Consult the release notes to verify that the vulnerability has been fixed. If no such version is available, review the source code and apply a patch that correctly escapes or validates user input in the init function of the LoginController.
CVE-2025-15220 is a cross-site scripting vulnerability in SohuTV CacheCloud versions 3.0 to 3.2.0, allowing attackers to inject malicious scripts.
You are affected if you are using SohuTV CacheCloud versions 3.0, 3.1, or 3.2.0. Upgrade to 3.2.1 or later to mitigate the risk.
Upgrade to SohuTV CacheCloud version 3.2.1 or later. Implement input validation and output encoding as a temporary workaround.
Yes, a public proof-of-concept exists, indicating a high probability of active exploitation.
Refer to the SohuTV CacheCloud project's official website or communication channels for the advisory regarding CVE-2025-15220.