- CVE ID
- CVE-2025-27820
- CVE Description
- A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
- Published
- Apr 24, 2025
- CVSS Score & Severity
8.7High
- CVSS Vector
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
- EPSS Score
- 0.071%
- KEV Status
Not in KEV Catalog: No known exploits
- Vulnerable Methods
org/apache/hc/client5/http/psl/PublicSuffixMatcherLoader.getDefault()Lorg/apache/hc/client5/http/psl/PublicSuffixMatcher;JVM
- Source
- National Vulnerability Database