CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

May 6, 2025

CVE ID : CVE-2025-46735

Published : May 6, 2025, 5:16 p.m. | 2 hours, 19 minutes ago

Description : Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46736 – Umbraco Account Existence Disclosure

Next Article CVE-2025-45250 – MrDoc SSRF Vulnerability

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Google Gives $30M to 20 Nonprofit Organizations Specifically for AI

CVE-2025-47532 – CoinPayments.net Payment Gateway for WooCommerce Object Injection Vulnerability

CVE-2025-4511 – Vector4Wang Spring-Boot-Quick Remote Path Traversal Vulnerability

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Farmonics Peri Peri Powder – Spicy & Tangy Seasoning for Fries, Grilled Foods & Snacks | Authentic Spice Mix for Cooking & Marination

Site Update – An Apology and a Brighter Future

Role of AI-driven Autonomous Testing in Software QA

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Related Posts