CVE-2025-59874 PUBLISHED

HCL Hive Telco Observability is affected by a Required directives missing from the CSP .

Assigner: HCL
Reserved: 22.09.2025 Published: 04.06.2026 Updated: 04.06.2026

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS Score: 8.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	HCL
Product	Hive
Versions	Default: unaffected Version 1.0 is affected

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128725

Problem Types

CWE-1027: Missing Required Cryptographic Step CWE