CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

May 6, 2025

CVE ID : CVE-2025-46735

Published : May 6, 2025, 5:16 p.m. | 2 hours, 19 minutes ago

Description : Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46736 – Umbraco Account Existence Disclosure

Next Article CVE-2025-45250 – MrDoc SSRF Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

FBC: Firebreak release date revealed — Remedy details co-op “Control” spin-off shooter filled with evil sticky note monsters

The best proxy server services of 2025: Expert recommended

How to Upgrade to Ubuntu 25.04 ‘Plucky Puffin’

CVE-2024-30115 – HCL Leap Cross-Site Scripting (XSS)

CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

CVE-2025-46378 – Apache HTTP Server Unvalidated User Input

Mozilla is so out of Pocket for shutting down one of my favorite apps

KitchenOwl – self-hosted grocery list and recipe manager

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Related Posts