CVE-2025-27820

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-27820

Severity

Unknown

Description

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

References

https://images.chainguard.dev/security/CGA-5f93-m6wm-9fg4
https://github.com/advisories/GHSA-73m2-qfq3-56cx
https://images.chainguard.dev/security/CGA-wpqp-68mw-w3x9
https://images.chainguard.dev/security/CGA-6957-v4m4-9wmv
https://security.netapp.com/advisory/ntap-20250516-0003/
https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
https://github.com/apache/httpcomponents-client/pull/574
https://github.com/apache/httpcomponents-client/pull/621
https://hc.apache.org/httpcomponents-client-5.4.x/index.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2025-27820

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources