CVE-2025-59874
HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue.
In short
HCL Hive Telco Observability has incomplete security rules (Content Security Policy) in its Keycloak login component, which can allow attackers to inject malicious code into web pages.
Technical detail
The Keycloak component lacks required CSP directives, enabling content injection attacks. An attacker can exploit this to execute arbitrary JavaScript in users' browsers if the application processes untrusted input without proper directive enforcement.
Summary generated and translated by AI from the official description.
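One way to audit a login page's CSP header for absent directives, as an added example that is not part of the advisory or of HCL's code. The baseline directive lists and the sample headers are assumptions constructed for illustration; the advisory does not name which directives are missing.

```python
# Added example: audit a Content-Security-Policy header for missing directives.
# Assumption: the baseline below is a common hardening set, not the list used
# in the CVE-2025-59874 advisory, which does not name the directives.

# Fetch directives inherit from default-src when absent (CSP Level 3).
FETCH_FALLBACK = ("script-src", "style-src", "img-src", "connect-src",
                  "font-src", "object-src", "frame-src")
# These never inherit from default-src and must be set explicitly.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")


def parse_csp(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        # Per the CSP spec, a repeated directive is ignored; first one wins.
        policy.setdefault(name, tokens[1:])
    return policy


def audit_csp(header):
    """Return findings for directives that are absent and not inherited."""
    policy = parse_csp(header or "")
    findings = []
    if "default-src" not in policy:
        findings.append("default-src missing: no fallback for fetch directives")
        # Without a fallback, each absent fetch directive is unrestricted.
        findings += [f"{d} missing and no default-src fallback"
                     for d in FETCH_FALLBACK if d not in policy]
    findings += [f"{d} missing: not covered by default-src"
                 for d in NO_FALLBACK if d not in policy]
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not captured from any real deployment.
    samples = {
        "login-weak": "frame-src 'self'; object-src 'none'",
        "login-hardened": "default-src 'self'; object-src 'none'; "
                          "base-uri 'self'; form-action 'self'; "
                          "frame-ancestors 'self'",
    }
    for label, header in samples.items():
        print(label, audit_csp(header) or "OK")
```

A policy that sets `default-src` can still be flagged here, because `base-uri`, `form-action` and `frame-ancestors` do not inherit from it.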
HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue detected in the Keycloak component of the web application. Missing essential directives can leave a site vulnerable.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected products
HCL · Hive