Vulnerability Details CVE-2025-27820
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.2%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-27820
-
cpe:2.3:a:apache:httpclient:*
-
cpe:2.3:a:netapp:ontap_tools:10