What is CVE-2025-15173 — XSS in SohuTV CacheCloud?

CVE-2025-15173 is a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud versions 3.0-3.2.0, allowing remote attackers to inject malicious scripts.

Am I affected by CVE-2025-15173 in SohuTV CacheCloud?

Yes, if you are using SohuTV CacheCloud versions 3.0, 3.1, or 3.2.0, you are vulnerable to this XSS attack.

How do I fix CVE-2025-15173 in SohuTV CacheCloud?

Upgrade to version 3.2.1 or later to resolve the vulnerability. Consider input validation and WAF rules as temporary mitigations.

Is CVE-2025-15173 being actively exploited?

Yes, a public exploit is available, indicating a high probability of active exploitation.

Where can I find the official SohuTV advisory for CVE-2025-15173?

As of this writing, no official advisory has been published by SohuTV. Monitor their website and security mailing lists for updates.

CVE-2025-15173 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-15173 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• java / server:

find /opt/sohutv/cachecloud/ -name "InstanceController.java"

• generic web:

curl -I https://your-cachecloud-instance/advancedAnalysis?param=<script>alert('XSS')</script>

• generic web:

grep -i 'advancedAnalysis' /var/log/apache2/access.log

SohuTV CacheCloud InstanceController.java advancedAnalysis cross site scripting

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-15173 — XSS in SohuTV CacheCloud?

Am I affected by CVE-2025-15173 in SohuTV CacheCloud?

How do I fix CVE-2025-15173 in SohuTV CacheCloud?

Is CVE-2025-15173 being actively exploited?

Where can I find the official SohuTV advisory for CVE-2025-15173?

Seu projeto está afetado?

Detecte esta CVE no seu projeto