cvedb.io
CVE-2025-27820
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-04-24T12:15:16.723 · Last modified 2026-06-17T09:04:16.777

Summary

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

Affected products

apache — httpclient

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.