CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

May 6, 2025

CVE ID : CVE-2025-46735

Published : May 6, 2025, 5:16 p.m. | 2 hours, 19 minutes ago

Description : Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46736 – Umbraco Account Existence Disclosure

Next Article CVE-2025-45250 – MrDoc SSRF Vulnerability

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-47688 – Saad Iqbal Advanced File Manager Missing Authorization Vulnerability

How to Install Microsoft Teams [All Devices, Step-by-Step]

Save $1,200 on the Alienware x16 R2 gaming laptop at Dell

Starting this week, the Xbox PC app will integrate ‘leading PC gaming stores’ for Xbox Insiders — with no mention of Steam

A Comprehensive Tutorial on the Five Levels of Agentic AI Architectures: From Basic Prompt Responses to Fully Autonomous Code Generation and Execution

CVE-2025-0649 – Google Tensorflow Serving JSON Deserialization Remote Crash

I appreciate FBC: Firebreak’s co-op friction fun, but I hope this Remedy game can evolve over time — Review in progress

CVE-2025-52579 – Emerson ValveLink Information Disclosure

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Related Posts