Platform
java
Component
cachecloud
Fixed in
3.0.1
3.1.1
3.2.1
CVE-2025-15220 is a cross-site scripting (XSS) vulnerability affecting SohuTV CacheCloud versions 3.0 through 3.2.0 inclusive. The flaw allows an attacker to inject script into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerable code is the init function in the LoginController.java file; the page does not name the specific parameter involved. The vulnerability can be exploited remotely. A fix is available in version 3.2.1.
Successful exploitation of CVE-2025-15220 allows an attacker to execute arbitrary JavaScript code within the context of a victim's browser session. This can lead to a wide range of malicious activities, including stealing session cookies, redirecting users to phishing sites, and injecting malicious content into the application. The remote nature of the vulnerability means an attacker doesn't need to be on the same network as the CacheCloud server. Given the public availability of an exploit, the risk of immediate exploitation is elevated. The potential impact extends to any user interacting with the vulnerable CacheCloud application, particularly those logging in or accessing user-specific data.
CVE-2025-15220 has a public proof-of-concept available, indicating a higher likelihood of exploitation. The vulnerability was reported to the project but remains unaddressed, increasing the risk. Note that this conflicts with the fixed-version information on this page (3.0.1, 3.1.1, 3.2.1); confirm the status against the project's release notes before relying on either statement. The vulnerability is not currently listed on CISA KEV, but its public exploit and the lack of response from the vendor warrant close monitoring. The NVD entry was published on 2025-12-30.
Organizations utilizing SohuTV CacheCloud versions 3.0 through 3.2.0 are at risk. This includes those deploying CacheCloud in production environments, particularly those handling sensitive user data or integrating with other critical systems. Shared hosting environments using CacheCloud are also at increased risk due to the potential for cross-tenant exploitation.
• java / server: Examine application and access logs for unusual characters or patterns in requests to the login endpoint. Use a debugger to step through the init function of LoginController.java and observe how user-supplied input reaches the rendered response.
• generic web: Use curl to send XSS probe payloads (e.g. <script>alert(1)</script>) to the login endpoint and check whether the payload comes back verbatim or HTML-encoded in the response. Check response headers for a Content-Security-Policy (CSP) setting.
• generic web: Monitor network traffic for suspicious requests to the CacheCloud login endpoint, and for browsers of logged-in users contacting unexpected hosts after visiting it.
• generic web: Use a web application scanner to identify potential XSS vulnerabilities.
Exploit status
disclosure
poc
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-15220 is to upgrade to SohuTV CacheCloud version 3.2.1 or later. If immediate upgrading is not possible, consider temporary workarounds such as strict input validation and contextual output encoding of user-supplied data handled by the init function of LoginController.java and the view that renders it. A web application firewall (WAF) configured to detect and block XSS payloads can provide an additional layer of protection, but not a substitute for the fix. Monitor application logs for suspicious activity, particularly requests containing unusual characters or patterns that might indicate an attempted XSS attack. After upgrading, confirm the fix by submitting a simple XSS probe through the login form and verifying that it is reflected HTML-encoded (or not reflected at all) rather than executed in the browser.
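The following script is an added example, not code from the CacheCloud project or from the original advisory. It turns the curl-based probing in the detection list and the post-upgrade verification step above into a repeatable check: it classifies whether a probe payload is reflected verbatim, reflected HTML-encoded, or not reflected; grades the Content-Security-Policy header as a defence-in-depth signal; and flags access-log lines that carry XSS markers in requests to the login endpoint. The endpoint path `/login`, the parameter name `username` and the sample log lines are assumptions and constructed data; the advisory does not name the vulnerable parameter.

```python
"""Added example (not CacheCloud project code): offline-testable helpers for probing a
login endpoint for reflected XSS and triaging access logs. Assumptions: the login page
is GET /login, the reflected parameter is 'username' (the advisory does not name it),
and access logs are in combined log format."""
import html
import re
import urllib.parse
import urllib.request

# Constructed probe with a unique marker so its reflection can be located in any context.
PROBE = '<svg/onload=alert("cc15220")>'
PARAM = "username"  # assumption: the advisory does not name the vulnerable parameter


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Classify how a response body reflects the probe.

    'raw'     - probe is present verbatim: no output encoding (the vulnerable pattern)
    'encoded' - probe only appears after HTML-entity decoding: output is encoded (fixed)
    'absent'  - probe is not reflected at all (rejected by validation, or not a sink)
    """
    if probe in body:
        return "raw"
    if probe in html.unescape(body):
        return "encoded"
    return "absent"


def csp_status(headers: dict) -> str:
    """Coarse check of the Content-Security-Policy header.

    Returns 'missing', 'weak' (inline scripts allowed, or no script restriction at all)
    or 'restrictive'. Nonce and hash sources are deliberately not modelled.
    """
    csp = next((v for k, v in headers.items() if k.lower() == "content-security-policy"), None)
    if csp is None:
        return "missing"
    directives = {}
    for directive in csp.split(";"):
        parts = directive.split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    # script-src falls back to default-src, as the CSP spec specifies.
    script_src = directives.get("script-src", directives.get("default-src", []))
    if not script_src or "'unsafe-inline'" in script_src or "*" in script_src:
        return "weak"
    return "restrictive"


# Markers of an XSS probe in a URL-decoded request target. \b keeps 'session=' from matching.
XSS_MARKERS = re.compile(
    r"<\s*/?\s*(script|svg|img|iframe|body)\b|\bon[a-z]+\s*=|javascript\s*:", re.I
)

# Constructed access-log lines in combined format (not real CacheCloud traffic).
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [30/Dec/2025:10:00:01 +0000] "GET /login?username=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [30/Dec/2025:10:00:07 +0000] "GET /login?username=%3Csvg%2Fonload%3Dalert%281%29%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [30/Dec/2025:10:00:09 +0000] "GET /static/app.js HTTP/1.1" 200 9001',
    '10.0.0.7 - - [30/Dec/2025:10:00:12 +0000] "POST /login HTTP/1.1" 302 0',
]


def flag_suspicious_login_requests(log_lines, path="/login"):
    """Return log lines whose request target is under `path` and carries XSS markers.

    Only the query string is visible in access logs; POST bodies need application-level
    logging or a WAF to inspect, so this catches GET-based probes only.
    """
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        target = m.group(1)
        if not target.startswith(path):
            continue
        if XSS_MARKERS.search(urllib.parse.unquote(target)):
            hits.append(line)
    return hits


def probe_login(base_url: str, timeout: float = 10.0):
    """Send the probe to a live endpoint and return (reflection_class, csp_class).
    Only run this against systems you are authorised to test."""
    url = f"{base_url.rstrip('/')}/login?{urllib.parse.urlencode({PARAM: PROBE})}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:  # raises on non-2xx status
        body = resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")
        return classify_reflection(body), csp_status(dict(resp.headers))


if __name__ == "__main__":
    # Offline demonstration on constructed responses; use probe_login() for a live check.
    vulnerable = '<input name="username" value="' + PROBE + '">'
    fixed = '<input name="username" value="' + html.escape(PROBE, quote=True) + '">'
    print("vulnerable page:", classify_reflection(vulnerable))  # raw
    print("fixed page:     ", classify_reflection(fixed))       # encoded
    for hit in flag_suspicious_login_requests(SAMPLE_ACCESS_LOG):
        print("suspicious:", hit)
```

A 'raw' result means the probe reached the page without encoding and is the pattern the fix must remove; 'encoded' is what a correct post-upgrade check should show. The CSP grade is only a secondary signal: a restrictive policy limits the blast radius of an XSS but does not make the reflection safe, and the log scanner sees GET query strings only.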
Update CacheCloud to a version later than 3.2.0 that fixes the Cross-Site Scripting (XSS) vulnerability. Check the release notes to confirm the vulnerability has been resolved. If no such version is available, review the source code and apply a patch that correctly escapes or validates user input in the init function of LoginController.
CVE-2025-15220 is a cross-site scripting vulnerability in SohuTV CacheCloud versions 3.0 to 3.2.0, allowing attackers to inject malicious scripts.
You are affected if you are using SohuTV CacheCloud versions 3.0, 3.1, or 3.2.0. Upgrade to 3.2.1 or later to mitigate the risk.
Upgrade to SohuTV CacheCloud version 3.2.1 or later. Implement input validation and output encoding as a temporary workaround.
Yes, a public proof-of-concept exists, which raises the likelihood of exploitation, although the EPSS score shown on this page (0.04%) is low and the vulnerability is not listed on CISA KEV.
Refer to the SohuTV CacheCloud project's official website or communication channels for the advisory regarding CVE-2025-15220.