High severityNVD Advisory· Published Apr 24, 2025· Updated Jun 4, 2025
Apache HttpComponents: PSL (Public Suffix List) validation bypass
CVE-2025-27820
Description
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.httpcomponents.client5:httpclient5Maven | >= 5.4-alpha1, < 5.4.3 | 5.4.3 |
Affected products
88- osv-coords87 versionspkg:apk/chainguard/camunda-zeebe-8.6pkg:apk/chainguard/camunda-zeebe-8.6-compatpkg:apk/chainguard/opensearch-2pkg:apk/chainguard/opensearch-2-alertingpkg:apk/chainguard/opensearch-2-analysis-icupkg:apk/chainguard/opensearch-2-analysis-kuromojipkg:apk/chainguard/opensearch-2-analysis-noripkg:apk/chainguard/opensearch-2-analysis-phoneticpkg:apk/chainguard/opensearch-2-analysis-smartcnpkg:apk/chainguard/opensearch-2-analysis-stempelpkg:apk/chainguard/opensearch-2-analysis-ukrainianpkg:apk/chainguard/opensearch-2-anomaly-detectionpkg:apk/chainguard/opensearch-2-asynchronous-searchpkg:apk/chainguard/opensearch-2-cross-cluster-replicationpkg:apk/chainguard/opensearch-2-crypto-kmspkg:apk/chainguard/opensearch-2-custom-codecspkg:apk/chainguard/opensearch-2-discovery-azure-classicpkg:apk/chainguard/opensearch-2-discovery-ec2pkg:apk/chainguard/opensearch-2-discovery-gcepkg:apk/chainguard/opensearch-2-entrypoint-compatpkg:apk/chainguard/opensearch-2-geospatialpkg:apk/chainguard/opensearch-2-identity-shiropkg:apk/chainguard/opensearch-2-index-managementpkg:apk/chainguard/opensearch-2-ingest-attachmentpkg:apk/chainguard/opensearch-2-job-schedulerpkg:apk/chainguard/opensearch-2-k-nnpkg:apk/chainguard/opensearch-2-mapper-annotated-textpkg:apk/chainguard/opensearch-2-mapper-murmur3pkg:apk/chainguard/opensearch-2-mapper-sizepkg:apk/chainguard/opensearch-2-ml-commonspkg:apk/chainguard/opensearch-2-neural-searchpkg:apk/chainguard/opensearch-2-notificationspkg:apk/chainguard/opensearch-2-observabilitypkg:apk/chainguard/opensearch-2-performance-analyzerpkg:apk/chainguard/opensearch-2-reportingpkg:apk/chainguard/opensearch-2-repository-azurepkg:apk/chainguard/opensearch-2-repository-gcspkg:apk/chainguard/opensearch-2-repository-s3pkg:apk/chainguard/opensearch-2-securitypkg:apk/chainguard/opensearch-2-security-analyticspkg:apk/chainguard/opensearch-2-sqlpkg:apk/chainguard/opensearch-2-store-smbpkg:apk/chainguard/opensearch-2-telemetry-otelpkg:apk/chainguard/opensearch-2-transport-niopkg:apk/chainguard/spring-bootpkg:apk/wolfi/opensearch-2pkg:apk/wolfi/opensearch-2-alertingpkg:apk/wolfi/opensearch-2-analysis-icupkg:apk/wolfi/opensearch-2-analysis-kuromojipkg:apk/wolfi/opensearch-2-analysis-noripkg:apk/wolfi/opensearch-2-analysis-phoneticpkg:apk/wolfi/opensearch-2-analysis-smartcnpkg:apk/wolfi/opensearch-2-analysis-stempelpkg:apk/wolfi/opensearch-2-analysis-ukrainianpkg:apk/wolfi/opensearch-2-anomaly-detectionpkg:apk/wolfi/opensearch-2-asynchronous-searchpkg:apk/wolfi/opensearch-2-cross-cluster-replicationpkg:apk/wolfi/opensearch-2-crypto-kmspkg:apk/wolfi/opensearch-2-custom-codecspkg:apk/wolfi/opensearch-2-discovery-azure-classicpkg:apk/wolfi/opensearch-2-discovery-ec2pkg:apk/wolfi/opensearch-2-discovery-gcepkg:apk/wolfi/opensearch-2-geospatialpkg:apk/wolfi/opensearch-2-identity-shiropkg:apk/wolfi/opensearch-2-index-managementpkg:apk/wolfi/opensearch-2-ingest-attachmentpkg:apk/wolfi/opensearch-2-job-schedulerpkg:apk/wolfi/opensearch-2-k-nnpkg:apk/wolfi/opensearch-2-mapper-annotated-textpkg:apk/wolfi/opensearch-2-mapper-murmur3pkg:apk/wolfi/opensearch-2-mapper-sizepkg:apk/wolfi/opensearch-2-ml-commonspkg:apk/wolfi/opensearch-2-neural-searchpkg:apk/wolfi/opensearch-2-notificationspkg:apk/wolfi/opensearch-2-observabilitypkg:apk/wolfi/opensearch-2-performance-analyzerpkg:apk/wolfi/opensearch-2-reportingpkg:apk/wolfi/opensearch-2-repository-azurepkg:apk/wolfi/opensearch-2-repository-gcspkg:apk/wolfi/opensearch-2-repository-s3pkg:apk/wolfi/opensearch-2-securitypkg:apk/wolfi/opensearch-2-security-analyticspkg:apk/wolfi/opensearch-2-sqlpkg:apk/wolfi/opensearch-2-store-smbpkg:apk/wolfi/opensearch-2-telemetry-otelpkg:apk/wolfi/opensearch-2-transport-niopkg:maven/org.apache.httpcomponents.client5/httpclient5
< 8.6.13-r1+ 86 more
- (no CPE)range: < 8.6.13-r1
- (no CPE)range: < 8.6.13-r1
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 3.5.3-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: >= 5.4-alpha1, < 5.4.3
- Apache Software Foundation/Apache HttpComponentsv5Range: 5.4.0
Patches
Vulnerability mechanics
References
7- github.com/apache/httpcomponents-client/pull/574ghsapatchWEB
- github.com/apache/httpcomponents-client/pull/621ghsapatchWEB
- github.com/advisories/GHSA-73m2-qfq3-56cxghsaADVISORY
- lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-27820ghsaADVISORY
- hc.apache.org/httpcomponents-client-5.4.x/index.htmlghsaproductWEB
- security.netapp.com/advisory/ntap-20250516-0003ghsaWEB
News mentions
0No linked articles in our index yet.