CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

May 6, 2025

CVE ID : CVE-2025-46735

Published : May 6, 2025, 5:16 p.m. | 2 hours, 19 minutes ago

Description : Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46736 – Umbraco Account Existence Disclosure

Next Article CVE-2025-45250 – MrDoc SSRF Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Xbox has become a Game Pass machine and nothing more — Is it enough to justify Microsoft’s console over a costly gaming PC?

I tested this superb gaming laptop, and it proves that NVIDIA’s RTX 5090 is still a massive waste of money

Windows 11’s Settings app is getting an AI agent that can configure options on your PC for you

Microsoft unveils “new generation of Windows experiences” — here’s what’s on the way to Windows 11 and Copilot+ PCs

Node.js 24 Is Here: What You Need to Know

Node.js 24 Is Here: What You Need to Know

Solution Highlight – Oracle Fusion Global SCM and Manufacturing – Part 2

URI Path Components Using Laravel’s pathSegments() Method

Xbox has become a Game Pass machine and nothing more — Is it enough to justify Microsoft’s console over a costly gaming PC?

Xbox has become a Game Pass machine and nothing more — Is it enough to justify Microsoft’s console over a costly gaming PC?

I tested this superb gaming laptop, and it proves that NVIDIA’s RTX 5090 is still a massive waste of money

Windows 11’s Settings app is getting an AI agent that can configure options on your PC for you

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Microsoft: April updates cause Windows Server auth issues

Chrome Security Patch Addresses WebAudio Vulnerability Allowing Code Execution

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects

Microsoft AI Research Released 1 Million Synthetic Instruction Pairs Covering Different Capabilities

DOJ demands divestiture of Chrome browser and sets sights on making Google sell Android — calls Google “incompatible with free markets and freedom”

Iâ€™ve Found the Next 20x Cryptocurrency Ready to Take-Off!

What ELSE is on your CSS wishlist?

Hands on with Windows 11’s new Apple Handoff-like feature, but it requires OneDrive

Year 2304: Waifu 9000 – The Story Leaked

London Hospitals Report Service Disruption from Synnovis Ransomware Attack

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Related Posts