CVE-2025-15204: Cross Site Scripting in SohuTV CacheCloud
A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2025-15204 is a cross-site scripting (XSS) vulnerability identified in SohuTV CacheCloud versions 3.0 through 3.2.0. The flaw exists in the doQuartzList function within the QuartzManageController.java source file, which is part of the web controller handling scheduled tasks. The vulnerability arises from insufficient sanitization of user-supplied input that is reflected in the web interface, allowing an attacker to inject malicious JavaScript code. In CVSS 4.0 terms, exploitation requires the attacker to have high privileges (PR:H), has no additional attack requirements (AT:N), and has no impact on confidentiality (VC:N). User interaction (UI:P) is necessary, meaning a victim must trigger the malicious payload, typically by visiting a crafted URL or interface. The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L). Although the vendor was notified early, no patch or official response has been issued, and the exploit details have been publicly disclosed, increasing the risk of exploitation. While no known exploits are currently active in the wild, the public disclosure and lack of remediation elevate the threat level. The vulnerability primarily threatens the integrity of user sessions and could facilitate phishing or session hijacking attacks within the affected environment. The CVSS score of 4.8 reflects a medium severity rating, balancing the ease of exploitation with limited impact on confidentiality and availability.
Potential Impact
For European organizations, the primary impact of CVE-2025-15204 lies in the potential compromise of user sessions and the integrity of web interactions within CacheCloud management interfaces. Organizations relying on CacheCloud for caching and task scheduling in media or content delivery environments may face risks of targeted XSS attacks that could lead to credential theft, session hijacking, or social engineering attacks against privileged users. Although the vulnerability does not directly affect data confidentiality or system availability, successful exploitation could enable attackers to perform unauthorized actions under the guise of legitimate users, potentially leading to further compromise. The requirement for high privileges and user interaction limits the attack surface but does not eliminate risk, especially in environments with multiple administrators or operators. The lack of vendor response and patch availability increases exposure time, necessitating proactive defensive measures. Additionally, organizations in regulated sectors must consider compliance implications related to the exploitation of such vulnerabilities.
Mitigation Recommendations
1. Restrict access to the CacheCloud management interface, and specifically the doQuartzList function, to trusted administrators only, using network segmentation and strong access controls.
2. Implement strict input validation and output encoding on all user-supplied data within the affected function to neutralize malicious scripts.
3. Deploy web application firewalls (WAFs) with custom rules to detect and block XSS payloads targeting CacheCloud endpoints.
4. Monitor logs and user activity for unusual patterns or repeated access attempts to the vulnerable function.
5. Educate privileged users about the risks of clicking on untrusted links and the importance of verifying URLs before interaction.
6. Consider temporarily disabling or limiting the use of the affected functionality, if feasible, until an official patch is released.
7. Engage with the vendor or community to track patch releases or official mitigations.
8. Conduct regular security assessments and penetration tests focusing on web interface vulnerabilities in CacheCloud deployments.
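One way to carry out the log monitoring in recommendation 4 is sketched below. This is an added example, not CacheCloud code: it scans access-log lines for requests to the Quartz management route whose query parameters decode to HTML markup, and lists sources that do so repeatedly. The `quartz` path marker, the sample path and the `query` parameter name are assumptions, since the advisory names only the controller and function.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: the route that reaches doQuartzList contains this marker.
# Replace it with the real path seen in your own access log.
PATH_MARKER = "quartz"
# Combined log format: ip ident user [time] "METHOD target proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3}'
)
# Markup characters that a plain list filter value has no reason to carry.
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Strip extra layers of URL encoding so double-encoded input is seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_no, ip, user, param, decoded_value) per flagged parameter."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or PATH_MARKER not in urlsplit(m["target"]).path.lower():
            continue
        query = urlsplit(m["target"]).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            decoded = fully_decode(value)  # parse_qsl already removed one layer
            if MARKUP_RE.search(decoded):
                findings.append((line_no, m["ip"], m["user"], param, decoded))
    return findings

def repeat_sources(findings, threshold=2):
    """Source IPs with at least `threshold` flagged requests."""
    counts = Counter(f[1] for f in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample lines; the path and "query" parameter are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - admin [30/Dec/2025:10:00:01 +0000] "GET /manage/quartz/list?query=appStat HTTP/1.1" 200 5120',
    '10.0.0.9 - ops2 [30/Dec/2025:10:02:17 +0000] "GET /manage/quartz/list?query=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188',
    '10.0.0.9 - ops2 [30/Dec/2025:10:02:40 +0000] "GET /manage/quartz/list?query=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5190',
    '10.0.0.7 - admin [30/Dec/2025:10:03:00 +0000] "GET /manage/app/list?name=%3Cb%3E HTTP/1.1" 200 900',
]
```

Access logs record only the request line, so parameters sent in a POST body are invisible to this check and need application-level or WAF logging instead.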
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-28T10:16:54.470Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695450a6db813ff03e2be2df
Added to database: 12/30/2025, 10:22:30 PM
Last enriched: 12/30/2025, 10:38:46 PM
Last updated: 2/4/2026, 2:19:55 AM