CVE-2025-15201: Cross Site Scripting in SohuTV CacheCloud
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The affected element is the function redirectNoPower in the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. Manipulating it causes cross-site scripting. The attack can be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2025-15201 is a cross-site scripting vulnerability affecting SohuTV CacheCloud versions 3.0 through 3.2.0. The vulnerability resides in the redirectNoPower function of the WebResourceController.java source file, where insufficient sanitization of user-controlled input allows injection of malicious scripts. This flaw can be exploited remotely without authentication, but requires user interaction, such as clicking a crafted URL that triggers the vulnerable redirect. The vulnerability enables attackers to execute arbitrary JavaScript in the context of the victim’s browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 4.0 score of 5.1 reflects a medium severity, considering the ease of remote exploitation but the requirement for user interaction and limited impact on confidentiality and integrity. The vendor was notified early but has not yet issued a patch, and no known exploits in the wild have been reported. Given CacheCloud’s role in caching and content delivery, this vulnerability could be leveraged to target users of web applications relying on this product, especially in environments where user trust and session integrity are critical.
Potential Impact
For European organizations, the impact of this XSS vulnerability can be significant in sectors relying on SohuTV CacheCloud for content caching and delivery, such as media companies, streaming services, and enterprises with web portals. Successful exploitation could lead to session hijacking, enabling attackers to impersonate legitimate users and access sensitive information or perform unauthorized actions. It could also facilitate phishing attacks by injecting malicious scripts that alter webpage content or redirect users to fraudulent sites. While the vulnerability does not directly compromise system availability or allow privilege escalation, the breach of user trust and potential data leakage can have reputational and regulatory consequences, especially under GDPR requirements for data protection. Organizations with high user interaction on affected web applications are at greater risk. The lack of an official patch increases the urgency for interim mitigations to reduce exposure.
Mitigation Recommendations
1. Implement strict input validation and output encoding on all user-supplied data, especially in URL parameters handled by the redirectNoPower function.
2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers.
3. Use web application firewalls (WAFs) to detect and block malicious payloads targeting the vulnerable endpoint.
4. Monitor web traffic for unusual redirect patterns or injection attempts.
5. Isolate or sandbox the affected CacheCloud instances to limit exposure.
6. Engage with SohuTV for updates and patches, and plan for timely upgrades once available.
7. Educate users about the risks of clicking untrusted links to reduce the likelihood of successful exploitation.
8. Review and harden session management to mitigate session hijacking risks.
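One way to carry out the traffic monitoring in step 4 while no patch exists, as an added example that is not code from CacheCloud or from this advisory: a Python scan of access-log lines for markup-bearing parameters sent to the redirectNoPower handler. The route `/PLACEHOLDER/redirectNoPower`, the parameter name `msg`, and the combined log format are assumptions; substitute the values from your own deployment.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: placeholder route; substitute the path your deployment maps to redirectNoPower.
HANDLER_PATH = "/PLACEHOLDER/redirectNoPower"
# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup characters and script-bearing tokens that a redirect message should never carry.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line, handler_path=HANDLER_PATH):
    """Return [(param, decoded_value)] for markup-bearing params sent to the handler."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group("target"))
    if not target.path.endswith(handler_path):
        return []  # other routes are out of scope for this check
    hits = []
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already decoded one layer
        if MARKUP_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_index, hits)] for every line that carries a suspicious parameter."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := suspicious_params(line))]

# Constructed sample log lines (not real traffic); "msg" is a hypothetical parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Dec/2025:10:00:01 +0000] "GET /PLACEHOLDER/redirectNoPower?msg=no+permission HTTP/1.1" 200 512',
    '203.0.113.8 - - [30/Dec/2025:10:00:05 +0000] "GET /PLACEHOLDER/redirectNoPower?msg=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [30/Dec/2025:10:00:09 +0000] "GET /PLACEHOLDER/redirectNoPower?msg=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 530',
    '203.0.113.9 - - [30/Dec/2025:10:00:12 +0000] "GET /index?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG):
        print(index, hits)
```

The repeated decoding matters because a value that is still percent-encoded after the first pass would otherwise look harmless to the pattern match.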
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-28T10:16:46.023Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695450b3db813ff03e2beea3
Added to database: 12/30/2025, 10:22:43 PM
Last enriched: 12/30/2025, 11:14:10 PM
Last updated: 2/7/2026, 6:09:52 AM