CVE-2025-27820

Summary

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HttpComponents5.4.0 < 5.4.3affected

Weaknesses

  • PSL Validation Bypass in Apache HttpClient 5.4.x

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References