CVE-2025-27820
Apache HttpComponents: PSL (Public Suffix List) validation bypass
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
Apache Software Foundation · Apache HttpComponentsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/apache/httpcomponents-client/pull/574https://github.com/apache/httpcomponents-client/pull/621https://hc.apache.org/httpcomponents-client-5.4.x/index.htmlhttps://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8https://security.netapp.com/advisory/ntap-20250516-0003/