CVE-2025-27820: Apache HttpComponents: PSL (Public Suffix List) validation bypass

Vendor: Apache Software Foundation
Product: Apache HttpComponents
Published: April 24, 2025
Last update: June 4, 2025

What the vulnerability does

Description

A bug in the PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. The issue was discovered by the Apache HttpClient team and is fixed in the 5.4.3 release.

Key dates

Disclosure timeline

April 24, 2025: CVE published
June 4, 2025: Record updated