Vulnerability Description
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sohu | Cachecloud | <= 3.2 |
Related Weaknesses (CWE)
References
- https://github.com/sohutv/cachecloud/issues/379ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.338605Permissions RequiredVDB Entry
- https://vuldb.com/?id.338605Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.716320Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-15220?
CVE-2025-15220 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in ...
How severe is CVE-2025-15220?
CVE-2025-15220 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15220?
Check the references section above for vendor advisories and patch information. Affected products include: Sohu Cachecloud.