CVE-2025-4673

Published Jun 11, 2025

Last updated a month ago

CVSS medium 6.8
Terraform

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4673 affects the Terraform WinDNS Provider, which is used to manage Windows DNS server resources through Terraform. The vulnerability lies in versions prior to 1.0.5 and was made public on May 6, 2025. It stems from inadequate input sanitization within the windns_record resource. Specifically, the vulnerability could allow authenticated users with high privileges to potentially execute commands via PowerShell command injection. Version 1.0.5 of the Terraform WinDNS Provider addresses this issue with improved input validation.

Description
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Source
security@golang.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. CVE-2025-4673 Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. https://t.co/PKDgvCiTNj

    @CVEnew

    11 Jun 2025

    304 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. πŸš€ URGENT: #openSUSE Leap 15.6 patches critical #GoLang vulnerabilities (CVE-2025-22874, CVE-2025-0913, CVE-2025-4673). πŸ” Impacts: βœ” Certificate validation bypass βœ” HTTP header leaks βœ” Permission flaws Read more : πŸ‘‡https://t.co/tD2CaU1AV8 https://t.co/GCarji7v1R

    @Cezar_H_Linux

    10 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #Mageia9 patches 3 Golang CVEs: βœ… Proxy-Auth header leaks (CVE-2025-4673) βœ… Symlink handling flaws (CVE-2025-0913) βœ… x509 policy bypass (CVE-2025-22874) Read more: πŸ‘‰ https://t.co/6AmFFJ5tkT #DevSecOps https://t.co/hzSlkXsB2B

    @Cezar_H_Linux

    10 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. πŸŽ† Go 1.24.4 and 1.23.10 are released! πŸ” Security: Includes security fixes for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 in net/http, os, and crypto/x509. πŸ“° Announcement: https://t.co/C3AeYy8ZX8 πŸ“¦ Download: https://t.co/5hObjouLtK #golang https://t.co/NyEeP3

    @golang

    5 Jun 2025

    18043 Impressions

    101 Retweets

    443 Likes

    26 Bookmarks

    4 Replies

    4 Quotes

References

Sources include official advisories and independent security research.