CVE-2025-15146 is a cross-site scripting (XSS) vulnerability identified in SohuTV CacheCloud versions 3.0 through 3.2.0. The flaw exists in the doUserList function within the UserManageController.java source file, where insufficient input sanitization allows attackers to inject malicious scripts. This vulnerability can be triggered remotely but requires the attacker to have high privileges (authenticated access) and user interaction to execute successfully. The vulnerability could enable attackers to execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions within the web application. The vulnerability was responsibly disclosed to the vendor, but no patch or official response has been released as of the publication date. The CVSS v4.0 score is 4.8 (medium severity), reflecting the need for authentication and user interaction, limited impact on confidentiality and integrity, and no impact on availability. Although no known exploits are currently active in the wild, the public availability of exploit code increases the risk of future attacks. The vulnerability affects a niche product used primarily for cache management in web environments, which may limit the scope but still poses a risk to organizations relying on this software for critical infrastructure.

For European organizations using SohuTV CacheCloud, this vulnerability poses a risk of client-side attacks that could compromise user sessions and credentials, potentially leading to unauthorized access or data leakage. While the vulnerability does not directly impact system availability or integrity, successful exploitation could facilitate further attacks such as privilege escalation or lateral movement within the network. The requirement for authenticated access and user interaction reduces the likelihood of widespread automated exploitation but does not eliminate targeted attacks, especially in environments where CacheCloud is used to manage critical caching infrastructure. Organizations in sectors with high-value web assets or sensitive user data could face reputational damage, regulatory penalties under GDPR if personal data is compromised, and operational disruptions if attackers leverage the XSS to deploy additional payloads. The lack of an official patch increases the urgency for interim mitigations to reduce exposure.

1. Implement strict input validation and output encoding on all user-supplied data, especially within the doUserList function, to prevent script injection. 2. Deploy and configure Web Application Firewalls (WAFs) with rules specifically targeting XSS attack patterns to detect and block malicious payloads. 3. Restrict access to the vulnerable functionality by enforcing the principle of least privilege and limiting user roles that can access the doUserList endpoint. 4. Monitor application logs and user activity for unusual patterns indicative of attempted XSS exploitation. 5. If possible, isolate CacheCloud instances from direct internet exposure and require VPN or other secure access methods. 6. Engage with the vendor or community to obtain patches or updates as soon as they become available. 7. Educate users about the risks of interacting with suspicious links or content within the CacheCloud management interface. 8. Consider implementing Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting script execution sources.