CVE-2025-51397
Published: 21 July 2025
Summary
CVE-2025-51397 is a medium-severity Logging of Excessive Data (CWE-779) vulnerability in Livehelperchat Live Helper Chat. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE ranks in the top 25.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22148
Vulnerability details
A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Surname parameter under the Recipients' Lists.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Stored XSS enables arbitrary JavaScript execution (T1059.007) in the admin's browser context when the Recipients List is viewed, facilitating theft of web session cookies (T1539) and credentials from web browsers (T1555.003).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Audit record reduction explicitly manages excessive log volumes for review and reporting while preserving original content and ordering, reducing the impact of logging excessive data.