CVE-2025-4673

Published Jun 11, 2025

Last updated 2 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4673 affects the Terraform WinDNS Provider, which is used to manage Windows DNS server resources through Terraform. The vulnerability lies in versions prior to 1.0.5 and was made public on May 6, 2025. It stems from inadequate input sanitization within the windns_record resource. Specifically, the vulnerability could allow authenticated users with high privileges to potentially execute commands via PowerShell command injection. Version 1.0.5 of the Terraform WinDNS Provider addresses this issue with improved input validation.

Description
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Source
security@golang.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending