CVE-2025-27820
7.5
CriticalCVE-2025-27820
•
security@apache.org
•
Awaiting Analysis
Description
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
security@apache.org
https://github.com/apache/httpcomponents-client/pull/574security@apache.org
https://github.com/apache/httpcomponents-client/pull/621security@apache.org
https://hc.apache.org/httpcomponents-client-5.4.x/index.htmlsecurity@apache.org
https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8