CSP Directive Vulnerability in HCL Hive Telco Observability Web Application
CVE-2025-59874

8.1HIGH

Key Information:

Vendor: HCL Software
Status: Hive
Vendor: CVE Published:; 4 June 2026

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-59874?

The HCL Hive Telco Observability web application exhibits a vulnerability due to missing required directives in its Content Security Policy (CSP). This oversight can expose the application to various security risks, allowing potential attackers to exploit the keycloak component's weaknesses. Implementing the necessary CSP directives is crucial to safeguard the application and enhance its overall security posture.

Affected Version(s)

Hive 1.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Sep 22, 2025

CVE-2025-59874 Data

JSON