
CVE-2025-15172: Cross Site Scripting in SohuTV CacheCloud

Severity: Medium
Published: Mon Dec 29 2025 (12/29/2025, 04:32:08 UTC)
Source: CVE Database V5
Vendor/Project: SohuTV
Product: CacheCloud

Description

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.

AI-Powered Analysis

Last updated: 12/30/2025, 23:22:12 UTC

Technical Analysis

CVE-2025-15172 is a cross-site scripting (XSS) vulnerability identified in SohuTV CacheCloud, a Redis configuration management tool, affecting versions 3.0 through 3.2.0. The vulnerability resides in the preview function within the RedisConfigTemplateController.java source file, which fails to properly sanitize user-supplied input before rendering it in the web interface. This flaw enables remote attackers to inject malicious JavaScript code that executes in the context of users who access the preview feature. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and does not require authentication (AT:N), but does require user interaction (UI:P), such as clicking a crafted link or viewing a manipulated preview page. The vulnerability impacts the confidentiality and integrity of user sessions by potentially allowing session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The CVSS 4.0 score of 5.1 reflects a medium severity level, considering the limited impact on availability and the need for user interaction. The vulnerability was responsibly disclosed but remains unpatched as of the publication date, and no known exploits have been reported in the wild. Given CacheCloud’s role in managing Redis configurations, exploitation could indirectly affect the availability and integrity of Redis instances if attackers leverage stolen credentials or session tokens. The lack of vendor response increases the urgency for organizations to implement interim mitigations.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of administrative sessions within CacheCloud’s web interface. Successful exploitation could lead to session hijacking, enabling attackers to manipulate Redis configurations or gain further access to backend systems. This could disrupt critical caching infrastructure, impacting application performance and availability indirectly. Organizations relying on CacheCloud for Redis management in sectors such as finance, telecommunications, and e-commerce—where Redis is widely used—may face increased risk of targeted attacks. The medium severity rating suggests that while the vulnerability is not immediately critical, it could serve as an entry point for more sophisticated attacks, especially if combined with other vulnerabilities or misconfigurations. The absence of a patch and public exploit code availability increases the likelihood of future exploitation attempts. European entities with internet-facing CacheCloud management consoles are particularly vulnerable, especially if access controls are weak or if users are not trained to recognize phishing or social engineering attempts that could trigger the required user interaction.

Mitigation Recommendations

1. Immediately restrict access to the CacheCloud preview function by implementing network-level controls such as IP whitelisting or VPN-only access to the management interface.
2. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting the preview endpoint.
3. Educate users and administrators to avoid clicking on untrusted links or previewing unverified templates until a patch is available.
4. Implement strict Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the CacheCloud web interface.
5. Regularly monitor web server logs and application logs for unusual requests or error patterns indicative of attempted XSS exploitation.
6. Consider deploying runtime application self-protection (RASP) solutions to detect and block XSS attacks in real time.
7. Engage with the vendor or community to track patch releases and apply updates promptly once available.
8. If feasible, review and sanitize all user inputs in the preview function source code as a temporary code-level mitigation.
9. Isolate CacheCloud management interfaces from general user networks to reduce exposure.
10. Conduct penetration testing focused on the preview feature to identify any additional weaknesses.
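
One way to act on recommendation 5, as an added example (not CacheCloud or vendor code): scan web server access logs for requests to the preview route whose query string decodes to HTML markup, including double-encoded input. The route hint `preview`, the `/example/` path and the sample log lines are assumptions constructed for illustration; the advisory does not give the endpoint URL.

```python
import re
from urllib.parse import unquote_plus

# Assumption: the vulnerable handler's URL contains "preview"; replace with the
# real route of your deployment (the advisory does not give it).
PREVIEW_PATH_HINT = "preview"

# Combined/common access-log format: ip - user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Markup that has no place in a Redis config template parameter:
# an opening/closing tag, an inline event handler, or a javascript: URL.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|[\s"\'/]on[a-z]+\s*=|javascript\s*:', re.I)

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_preview_requests(lines):
    """Return one record per preview request whose query decodes to markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Only the query string is inspected; POST bodies are not in access logs.
        path, _, query = m["target"].partition("?")
        if PREVIEW_PATH_HINT not in path.lower():
            continue
        decoded = fully_decode(query)
        if MARKUP_RE.search(decoded):
            hits.append({"ip": m["ip"], "time": m["time"], "path": path,
                         "status": int(m["status"]), "decoded_query": decoded})
    return hits

# Constructed sample lines (placeholder path, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2025:10:00:01 +0000] "GET /example/preview?name=redis-default&port=6379 HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Dec/2025:10:02:13 +0000] "GET /example/preview?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.5 - - [30/Dec/2025:10:05:44 +0000] "GET /example/preview?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 655',
    '192.0.2.44 - - [30/Dec/2025:10:06:02 +0000] "GET /example/list?q=%3Cb%3E HTTP/1.1" 200 128',
]
```

A hit with a 200 status on an unpatched instance is worth correlating with the referrer and the session that followed, since the injected markup would have been rendered to whoever opened that URL.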


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-28T08:19:02.011Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 695450b5db813ff03e2bf26d

Added to database: 12/30/2025, 10:22:45 PM

Last enriched: 12/30/2025, 11:22:12 PM

Last updated: 2/6/2026, 7:56:10 PM
