CVE-2025-27820
published 2025-04-24CVE-2025-27820: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | httpclient | >= 5.4 < 5.4.3 | 5.4.3 |
| apache_software_foundation | apache_httpcomponents | >= 5.4.0 < 5.4.3 | 5.4.3 |
| debian | httpcomponents-client | — | — |
| netapp | ontap_tools | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH