Cross Site Scripting Vulnerability in LiveHelperChat's lhc-php-resque Extension
CVE-2025-7435

5.1MEDIUM

Key Information:

Vendor

Livehelperchat

Status
Lhc-PHP-resque Extension
Vendor
CVE Published:
11 July 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-7435?

A cross site scripting vulnerability exists in the LiveHelperChat lhc-php-resque Extension, affecting versions up to ee1270b35625f552425e32a6a3061cd54b5085c4. This vulnerability targets the List Handler component by allowing the manipulation of the argument queue name, which could lead to the initiation of remote attacks. Due to the continuous delivery model employed by the product, specific version details for both affected and updated releases may not be readily available. A patch has been released, identified by commit 542aa8449b5aa889b3a54f419e794afe19f56d5d, to address this issue. Users are strongly advised to apply this patch promptly to mitigate potential security risks.

Affected Version(s)

lhc-php-resque Extension ee1270b35625f552425e32a6a3061cd54b5085c4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7435 - Proof of Concept

CVE-2025-7435 - Proof of Concept

References

https://vuldb.com/?id.316005
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316005
signaturepermissions-required
https://vuldb.com/?submit.609068
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jay Shah (VulDB User)
.