Vulnerability

CVE-2025-27820

 Report advisory or correction

CVSS Score 8.7 high

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-295

References

https://github.com/advisories/GHSA-73m2-qfq3-56cx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-27820

[CVE-2025-27820] CWE-295: Improper Certificate Validation

Description

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up