Description

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robust Content Security Policy (CSP).

PUBLISHED Reserved 2025-09-22 | Published 2026-05-06 | Updated 2026-05-06 | Assigner HCL

LOW: 3.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Product status

Default status
unaffected

3.1 and below
affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0130569

cve.org (CVE-2025-59854)

nvd.nist.gov (CVE-2025-59854)
