VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-amws-s4rx-n7fb

Essentials
Severities (35)
References (12)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-amws-s4rx-n7fb
Aliases	CVE-2025-27820 GHSA-73m2-qfq3-56cx
Summary	Apache HttpClient disables domain checks A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27820.json
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
epss	0.00337	https://api.first.org/data/v1/epss?cve=CVE-2025-27820
cvssv3.1	7.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-73m2-qfq3-56cx
cvssv3.1	7.5	https://github.com/apache/httpcomponents-client
generic_textual	HIGH	https://github.com/apache/httpcomponents-client
cvssv3.1	7.5	https://github.com/apache/httpcomponents-client/pull/574
generic_textual	HIGH	https://github.com/apache/httpcomponents-client/pull/574
ssvc	Track	https://github.com/apache/httpcomponents-client/pull/574
cvssv3.1	7.5	https://github.com/apache/httpcomponents-client/pull/621
generic_textual	HIGH	https://github.com/apache/httpcomponents-client/pull/621
ssvc	Track	https://github.com/apache/httpcomponents-client/pull/621
cvssv3.1	7.5	https://hc.apache.org/httpcomponents-client-5.4.x/index.html
generic_textual	HIGH	https://hc.apache.org/httpcomponents-client-5.4.x/index.html
ssvc	Track	https://hc.apache.org/httpcomponents-client-5.4.x/index.html
cvssv3.1	7.5	https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
generic_textual	HIGH	https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
ssvc	Track	https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2025-27820
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2025-27820
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20250516-0003
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20250516-0003

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27820.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-27820
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/httpcomponents-client
		https://github.com/apache/httpcomponents-client/pull/574
		https://github.com/apache/httpcomponents-client/pull/621
		https://hc.apache.org/httpcomponents-client-5.4.x/index.html
		https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
		https://nvd.nist.gov/vuln/detail/CVE-2025-27820
		https://security.netapp.com/advisory/ntap-20250516-0003
2362042		https://bugzilla.redhat.com/show_bug.cgi?id=2362042
GHSA-73m2-qfq3-56cx		https://github.com/advisories/GHSA-73m2-qfq3-56cx

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27820.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/httpcomponents-client

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/httpcomponents-client/pull/574

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/ Found at https://github.com/apache/httpcomponents-client/pull/574

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/httpcomponents-client/pull/621

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/ Found at https://github.com/apache/httpcomponents-client/pull/621

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://hc.apache.org/httpcomponents-client-5.4.x/index.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/ Found at https://hc.apache.org/httpcomponents-client-5.4.x/index.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/ Found at https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27820

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20250516-0003

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.55638
EPSS Score	0.00327
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:54:45.817757+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-73m2-qfq3-56cx/GHSA-73m2-qfq3-56cx.json	38.0.0