3.0.1
3.1.1
3.2.1
CVE-2025-15220 is a cross-site scripting (XSS) vulnerability affecting SohuTV CacheCloud versions 3.0 to 3.2.0. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerability resides within the init function of the LoginController.java file and can be exploited remotely. A fix is available in version 3.2.1.
Successful exploitation of CVE-2025-15220 allows an attacker to execute arbitrary JavaScript code within the context of a victim's browser session. This can lead to a wide range of malicious activities, including stealing session cookies, redirecting users to phishing sites, and injecting malicious content into the application. The remote nature of the vulnerability means an attacker doesn't need to be on the same network as the CacheCloud server. Given the public availability of an exploit, the risk of immediate exploitation is elevated. The potential impact extends to any user interacting with the vulnerable CacheCloud application, particularly those logging in or accessing user-specific data.
CVE-2025-15220 has a public proof-of-concept available, indicating a higher likelihood of exploitation. The vulnerability was reported to the project but remains unaddressed, increasing the risk. The vulnerability is not currently listed on CISA KEV, but its public exploit and lack of response from the vendor warrant close monitoring. The NVD entry was published on 2025-12-30.
Organizations utilizing SohuTV CacheCloud versions 3.0 through 3.2.0 are at risk. This includes those deploying CacheCloud in production environments, particularly those handling sensitive user data or integrating with other critical systems. Shared hosting environments using CacheCloud are also at increased risk due to the potential for cross-tenant exploitation.
• java / server: Examine application logs for unusual characters or patterns in login requests. Use a debugger to step through the LoginController.java code and observe how user input is handled.
• generic web: Use curl to test the login endpoint with various XSS payloads (e.g., <script>alert(1)</script>). Check response headers for Content-Security-Policy (CSP) settings.
• generic web: Monitor network traffic for suspicious requests originating from the CacheCloud server.
• generic web: Use a web application scanner to identify potential XSS vulnerabilities.
disclosure
poc
Exploitation status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-15220 is to upgrade to SohuTV CacheCloud version 3.2.1 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as strict input validation and output encoding on user-supplied data within the LoginController.java file. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a layer of protection. Monitor application logs for suspicious activity, particularly requests containing unusual characters or patterns that might indicate an attempted XSS attack. After upgrading, confirm the fix by attempting to inject a simple XSS payload through the login form and verifying that it is properly sanitized.
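As an added illustration of the output-encoding workaround described above (this is not CacheCloud's own code): a hypothetical login-handler fragment that reflects a request parameter into the page, shown unencoded beside an HTML-attribute-encoded version, together with the post-upgrade check the advisory suggests. The parameter name `redirect`, the markup and the test payload are assumptions.

```java
// Added example, not CacheCloud code. Demonstrates the output-encoding
// workaround for a reflected value in a login handler. The "redirect"
// parameter and the hidden-input markup are hypothetical placeholders.
public class LoginOutputEncoding {

    // Encode the characters that break out of HTML text and attribute contexts.
    static String htmlEncode(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Weak form: the user-supplied value is concatenated into the page unchanged.
    static String renderUnsafe(String redirect) {
        return "<input type=\"hidden\" name=\"redirect\" value=\"" + redirect + "\">";
    }

    // Hardened form: the same value, encoded for the HTML attribute context.
    static String renderSafe(String redirect) {
        return "<input type=\"hidden\" name=\"redirect\" value=\""
                + htmlEncode(redirect) + "\">";
    }

    // Post-upgrade check from the advisory: a simple payload submitted through
    // the form must come back inert, i.e. neither verbatim nor as a live tag.
    static boolean isSanitized(String rendered, String payload) {
        return !rendered.contains(payload) && !rendered.contains("<script");
    }

    public static void main(String[] args) {
        // Constructed test input: closes the attribute, then injects a tag.
        String payload = "\"><script>alert(1)</script>";
        System.out.println("unsafe sanitized? " + isSanitized(renderUnsafe(payload), payload));
        System.out.println("safe sanitized?   " + isSanitized(renderSafe(payload), payload));
    }
}
```

The same encoder must be applied at every point where the init handler writes a request value into the response, not only the one shown here.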
Update CacheCloud to a version later than 3.2.0 to fix the cross-site scripting (XSS) vulnerability. Check the release notes to confirm the vulnerability has been resolved. If no fixed version is available, review the source code and apply a patch that correctly escapes or validates user input in the init function of LoginController.
CVE-2025-15220 is a cross-site scripting vulnerability in SohuTV CacheCloud versions 3.0 to 3.2.0, allowing attackers to inject malicious scripts.
You are affected if you are using SohuTV CacheCloud versions 3.0, 3.1, or 3.2.0. Upgrade to 3.2.1 or later to mitigate the risk.
Upgrade to SohuTV CacheCloud version 3.2.1 or later. Implement input validation and output encoding as a temporary workaround.
Yes, a public proof-of-concept exists, indicating a high probability of active exploitation.
Refer to the SohuTV CacheCloud project's official website or communication channels for the advisory regarding CVE-2025-15220.