
CVE-2025-15202: Cross Site Scripting in SohuTV CacheCloud

Severity: Medium
Published: Mon Dec 29 2025 (12/29/2025, 19:32:06 UTC)
Source: CVE Database V5
Vendor/Project: SohuTV
Product: CacheCloud

Description

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AI-Powered Analysis

Last updated: 12/30/2025, 22:38:16 UTC

Technical Analysis

CVE-2025-15202 is a cross-site scripting vulnerability affecting SohuTV CacheCloud versions 3.0, 3.1, and 3.2.0. The flaw exists in the taskQueueList function within the TaskController.java file, where insufficient input sanitization allows an attacker to inject malicious scripts into the web interface. This vulnerability is remotely exploitable without authentication but requires user interaction, such as a victim clicking a crafted link or visiting a malicious page that triggers the payload. The vulnerability can lead to the execution of arbitrary JavaScript in the context of the victim’s browser, potentially enabling session hijacking, credential theft, or unauthorized actions within the CacheCloud management interface. The CVSS 4.8 score reflects a medium severity, considering the attack vector is network-based with low attack complexity but requiring user interaction and privileges. The vendor has been notified but has not yet issued a patch or mitigation guidance. No known exploits have been observed in the wild, but public disclosure increases the risk of exploitation attempts. CacheCloud is a cache management platform used to improve application performance by managing distributed cache clusters, and compromise could affect the integrity and availability of cached data indirectly by manipulating cache tasks or configurations.

Potential Impact

For European organizations using SohuTV CacheCloud, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data accessible through the CacheCloud web interface. Successful exploitation could allow attackers to execute scripts that steal session tokens or perform unauthorized actions, potentially disrupting cache management operations. This could degrade application performance or availability indirectly if cache tasks are manipulated. Organizations relying on CacheCloud for critical caching infrastructure may experience operational impacts or data exposure. The medium severity and requirement for user interaction reduce the likelihood of widespread automated exploitation, but targeted attacks against high-value infrastructure remain a concern. The lack of vendor response and patches increases exposure time, emphasizing the need for immediate mitigations. European entities in sectors such as finance, telecommunications, and e-commerce that depend on caching for performance optimization are particularly at risk. Additionally, regulatory compliance considerations around data protection (e.g., GDPR) may be implicated if user data is compromised via this vulnerability.

Mitigation Recommendations

1. Immediately restrict access to the CacheCloud web interface, especially the taskQueueList function, using network segmentation, firewalls, or VPNs to limit exposure to trusted users only.
2. Implement web application firewall (WAF) rules to detect and block malicious input patterns targeting the vulnerable endpoint.
3. Apply strict input validation and output encoding on all user-supplied data in the CacheCloud interface to prevent script injection.
4. Monitor logs and network traffic for unusual activity or repeated attempts to access the vulnerable function.
5. Educate users about the risk of clicking unsolicited links or opening suspicious pages that could trigger XSS payloads.
6. Engage with the vendor or community to obtain patches or updates as soon as they become available.
7. Consider deploying Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting script execution sources.
8. If feasible, isolate CacheCloud management interfaces from general user networks to minimize attack surface.
9. Regularly review and update incident response plans to include scenarios involving web interface compromises.
10. Conduct security assessments and penetration testing focused on CacheCloud deployments to identify and remediate related weaknesses.
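
Recommendations 3 and 7 sketched in Java, the language of the affected controller. This is an added example, not CacheCloud code: the class and method names, the allow-list pattern, the policy string and the sample inputs are all assumptions, since the advisory does not name the vulnerable parameter.

```java
import java.util.regex.Pattern;

// Added illustration: every name here is hypothetical, not taken from CacheCloud.
public class ReflectedParamDefense {

    // Assumed shape of an identifier-style request parameter (allow-list).
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_.:-]{1,64}");

    // One possible restrictive policy; inline scripts in the UI would be blocked by it.
    static final String CSP =
        "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";

    /** Input validation: reject anything outside the allow-list before use. */
    static boolean isValidId(String value) {
        return value != null && SAFE_ID.matcher(value).matches();
    }

    /** Output encoding for HTML element content and quoted attribute values. */
    static String encodeForHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); ) {
            int cp = value.codePointAt(i);
            i += Character.charCount(cp);
            switch (cp) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:
                    // Keep tab/LF/CR, drop other C0 control characters.
                    boolean control = cp < 0x20 && cp != '\t' && cp != '\n' && cp != '\r';
                    if (!control) out.appendCodePoint(cp);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured traffic.
        String[] samples = { "task-42", "<script>alert(1)</script>", "\" onmouseover=\"x" };
        for (String s : samples) {
            System.out.println(isValidId(s) + " | " + encodeForHtml(s));
        }
        System.out.println("Content-Security-Policy: " + CSP);
    }
}
```

Sending the policy first under the `Content-Security-Policy-Report-Only` header shows what the existing UI would break on before it is enforced.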


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-28T10:16:48.874Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 695450a5db813ff03e2be18b

Added to database: 12/30/2025, 10:22:29 PM

Last enriched: 12/30/2025, 10:38:16 PM

Last updated: 2/5/2026, 10:58:34 AM
