CVE-2025-15220

medium

Published 2025-12-30 · Modified 2026-04-29

CVSS v3

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2

5.0

VIR risk

6.1

Description

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Predictions

Exploit likelihood

71%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/sohutv/cachecloud/issues/379

Application impact

Vendor	Product	Versions	Fixed
sohu	cachecloud	`{"endIncluding":"3.2"}`

References

https://github.com/sohutv/cachecloud/issues/379
https://vuldb.com/?ctiid.338605
https://vuldb.com/?id.338605
https://vuldb.com/?submit.716320

CWEs

CWE-79 CWE-94

Verify integrity in audit chain (admin only). AS-IS.