CVE-2025-62328 | THREATINT

Description

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors.

PUBLISHED Reserved 2025-10-10 | Published 2026-03-11 | Updated 2026-03-12 | Assigner HCL

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Product status

Default status

unaffected

<1.0.19

affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0127331

cve.org (CVE-2025-62328)

nvd.nist.gov (CVE-2025-62328)

Download JSON