CVE-2025-4673

Terraform

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4673 affects the Terraform WinDNS Provider, which is used to manage Windows DNS server resources through Terraform. The vulnerability lies in versions prior to 1.0.5 and was made public on May 6, 2025. It stems from inadequate input sanitization within the windns_record resource. Specifically, the vulnerability could allow authenticated users with high privileges to potentially execute commands via PowerShell command injection. Version 1.0.5 of the Terraform WinDNS Provider addresses this issue with improved input validation.

Description: -

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 33

🎆 Go 1.24.4 and 1.23.10 are released! 🔐 Security: Includes security fixes for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 in net/http, os, and crypto/x509. 📰 Announcement: https://t.co/C3AeYy8ZX8 📦 Download: https://t.co/5hObjouLtK #golang https://t.co/NyEeP3
@golang
5 Jun 2025
18043 Impressions
101 Retweets
443 Likes
26 Bookmarks
4 Replies
4 Quotes

References

Sources include official advisories and independent security research.

https://www.cve.org/CVERecord?id=CVE-2025-4673

Overview

AI description

Social media

References