AI description
CVE-2025-4673 affects the Terraform WinDNS Provider, which is used to manage Windows DNS server resources through Terraform. The vulnerability lies in versions prior to 1.0.5 and was made public on May 6, 2025. It stems from inadequate input sanitization within the windns_record resource. Specifically, the vulnerability could allow authenticated users with high privileges to potentially execute commands via PowerShell command injection. Version 1.0.5 of the Terraform WinDNS Provider addresses this issue with improved input validation.
- Description
- Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
- Source
- security@golang.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2025-4673 Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. https://t.co/PKDgvCiTNj
@CVEnew
11 Jun 2025
304 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π URGENT: #openSUSE Leap 15.6 patches critical #GoLang vulnerabilities (CVE-2025-22874, CVE-2025-0913, CVE-2025-4673). π Impacts: β Certificate validation bypass β HTTP header leaks β Permission flaws Read more : πhttps://t.co/tD2CaU1AV8 https://t.co/GCarji7v1R
@Cezar_H_Linux
10 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Mageia9 patches 3 Golang CVEs: β Proxy-Auth header leaks (CVE-2025-4673) β Symlink handling flaws (CVE-2025-0913) β x509 policy bypass (CVE-2025-22874) Read more: π https://t.co/6AmFFJ5tkT #DevSecOps https://t.co/hzSlkXsB2B
@Cezar_H_Linux
10 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π Go 1.24.4 and 1.23.10 are released! π Security: Includes security fixes for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 in net/http, os, and crypto/x509. π° Announcement: https://t.co/C3AeYy8ZX8 π¦ Download: https://t.co/5hObjouLtK #golang https://t.co/NyEeP3
@golang
5 Jun 2025
18043 Impressions
101 Retweets
443 Likes
26 Bookmarks
4 Replies
4 Quotes