PatchSiren cyber security CVE debrief
CVE-2025-59874 HCL CVE debrief
CVE-2025-59874 is a HIGH severity vulnerability in HCL Hive Telco Observability. A Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2025-59874) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2025-59874).
- Vendor
- HCL
- Product
- Hive
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of HCL Hive Telco Observability should review and apply the necessary patches to mitigate this vulnerability.
Technical summary
The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. The weakness is classified as CWE-1027.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary patches to mitigate this vulnerability. Refer to [ref-4](https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128725) for more information.
Evidence notes
The vendor is identified as Unknown Vendor with low confidence. The product name is not specified.
Official resources
-
CVE-2025-59874 CVE record
CVE.org
-
CVE-2025-59874 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-59874 was published on 2026-06-04T14:16:35.180Z and last modified on 2026-06-04T15:25:53.963Z.