Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

Published

2025-04-24T12:15:16.723

Last Modified

2025-07-16T14:48:52.213

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	httpclient	< 5.4.3	Yes
Application	netapp	ontap_tools	10	Yes

References

https://github.com/apache/httpcomponents-client/pull/574 Issue Tracking, Patch ([email protected])
https://github.com/apache/httpcomponents-client/pull/621 Issue Tracking, Patch ([email protected])
https://hc.apache.org/httpcomponents-client-5.4.x/index.html Product ([email protected])
https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8 Mailing List, Patch ([email protected])
https://security.netapp.com/advisory/ntap-20250516-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)