CVE-2025-27820

Published: Apr 24, 2025

Modified: Jun 4, 2025

PUBLISHED

Description

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

Vendor	Product	Versions
Apache Software Foundation	Apache HttpComponents	affected `5.4.0 - < 5.4.3`

References

https://github.com/apache/httpcomponents-client/pull/574

patch

https://github.com/apache/httpcomponents-client/pull/621

patch

https://hc.apache.org/httpcomponents-client-5.4.x/index.html

product

https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-27820

Description

Affected Products

References