
CVE-2025-15173: Cross Site Scripting in SohuTV CacheCloud

Severity: Medium
Type: Vulnerability (CVE-2025-15173)
Published: Mon Dec 29 2025 (12/29/2025, 05:02:05 UTC)
Source: CVE Database V5
Vendor/Project: SohuTV
Product: CacheCloud

Description

A weakness has been identified in SohuTV CacheCloud up to 3.2.0. It affects the function advancedAnalysis in the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. The manipulation leads to cross-site scripting. The attack can be carried out remotely. An exploit has been made available to the public. The project was informed of the problem early through an issue report but has not responded yet.

AI-Powered Analysis

Last updated: 12/30/2025, 23:22:37 UTC

Technical Analysis

CVE-2025-15173 is a cross-site scripting vulnerability identified in SohuTV CacheCloud versions 3.0 through 3.2.0. The flaw exists in the advancedAnalysis function within the InstanceController.java source file, where insufficient sanitization of user-supplied input allows injection of malicious scripts. This vulnerability can be exploited remotely without authentication, but requires user interaction to trigger the malicious payload, such as clicking a crafted link or visiting a malicious page that interacts with the vulnerable CacheCloud interface. The vulnerability enables attackers to execute arbitrary JavaScript in the context of the victim's browser session, potentially leading to session hijacking, credential theft, or unauthorized actions within the CacheCloud management console. Although the vendor has been informed, no official patch or mitigation has been released, and exploit code is publicly available, increasing the risk of exploitation. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), user interaction required (UI:P), and limited impact on confidentiality and integrity (VC:N, VI:L), with no impact on availability. This suggests that while the vulnerability is relatively easy to exploit remotely, the overall impact is moderate due to limited scope and the need for user interaction. CacheCloud is used for managing distributed caching services, so compromise could affect the integrity of cache management operations and potentially expose sensitive operational data. The lack of vendor response and patch availability heightens the urgency for organizations to implement compensating controls.

Potential Impact

For European organizations utilizing SohuTV CacheCloud, this vulnerability poses a risk of client-side script injection leading to session hijacking, unauthorized actions, or data exposure within the cache management interface. While the direct impact on core infrastructure availability is low, attackers could leverage this XSS to pivot into more damaging attacks or disrupt cache operations, affecting application performance and reliability. Organizations in sectors relying heavily on caching for performance optimization—such as finance, e-commerce, and telecommunications—may experience operational disruptions or data integrity issues. The public availability of exploit code increases the likelihood of opportunistic attacks, especially against less monitored or unpatched environments. Additionally, the absence of vendor patches means European entities must rely on internal mitigations, increasing operational overhead. The confidentiality impact is limited but non-negligible, as attackers could steal session tokens or sensitive UI data. Integrity impact is moderate due to potential unauthorized commands executed via the web interface. Availability impact is minimal. Overall, the threat could undermine trust in cache management systems and lead to secondary attacks targeting broader IT infrastructure.

Mitigation Recommendations

1. Immediately implement strict input validation and output encoding in the advancedAnalysis function to sanitize all user-supplied data before rendering in the web interface.
2. Deploy or update Web Application Firewalls (WAFs) with specific XSS detection and blocking rules tailored to CacheCloud traffic patterns.
3. Restrict access to the CacheCloud management interface to trusted networks and VPNs to reduce exposure.
4. Enforce multi-factor authentication (MFA) for all CacheCloud users to mitigate session hijacking risks.
5. Monitor web server and application logs for unusual requests or script injection attempts targeting the advancedAnalysis endpoint.
6. Educate users about the risks of clicking untrusted links or interacting with suspicious content related to CacheCloud.
7. Consider isolating CacheCloud management consoles in segmented network zones to limit lateral movement if compromised.
8. Engage with SohuTV for patch timelines and subscribe to vulnerability advisories for timely updates.
9. If feasible, conduct code audits and penetration testing focused on web input handling in CacheCloud to identify additional weaknesses.
10. Prepare incident response plans specific to web application attacks involving CacheCloud.
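
Recommendation 5 as an added example (not code from CacheCloud or from this advisory): a filter over web access logs that flags requests to the advancedAnalysis handler whose query parameters decode to HTML markup, including double-encoded values. The route, the parameter names and the log lines are constructed for illustration, and matching on the handler name in the path is an assumption; take the real mapping from your deployment.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Assumption: the vulnerable route contains the handler name from the advisory.
ENDPOINT_HINT = "advancedanalysis"
# Characters needed to break into HTML or script context.
MARKUP = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)
# Combined Log Format: ip - user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines; path and parameter names are hypothetical.
SAMPLE_LOG = [
    '10.0.4.17 - alice [30/Dec/2025:09:14:02 +0000] "GET /admin/instance/advancedAnalysis?instanceId=12&pattern=user%3A* HTTP/1.1" 200 5120',
    '10.0.4.23 - bob [30/Dec/2025:09:20:41 +0000] "GET /admin/instance/advancedAnalysis?instanceId=12&pattern=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5230',
    '10.0.4.23 - bob [30/Dec/2025:09:21:05 +0000] "GET /admin/instance/advancedAnalysis?instanceId=12&pattern=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5198',
    '10.0.4.9 - carol [30/Dec/2025:09:25:10 +0000] "GET /admin/app/list?name=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return one finding per endpoint parameter that decodes to markup."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        url = urlsplit(m["target"])
        if ENDPOINT_HINT not in url.path.lower():
            continue  # other routes are out of scope for this check
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if MARKUP.search(value):
                findings.append({"ip": m["ip"], "user": m["user"],
                                 "time": m["ts"], "param": name, "value": value})
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Access logs only record the query string, so parameters sent in a POST body need the same check applied at the WAF or in application logging.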


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-28T08:19:04.715Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 695450b5db813ff03e2bf274

Added to database: 12/30/2025, 10:22:45 PM

Last enriched: 12/30/2025, 11:22:37 PM

Last updated: 2/7/2026, 1:19:18 PM
