Vulnerability Description
Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.
Related Weaknesses (CWE)
References
- https://github.com/nrkno/terraform-provider-windns/commit/c76f69610c1b502f90aaed
- https://github.com/nrkno/terraform-provider-windns/security/advisories/GHSA-4vgf
FAQ
What is CVE-2025-46735?
CVE-2025-46735 is a documented vulnerability. Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_...
How severe is CVE-2025-46735?
CVSS scoring is not yet available for CVE-2025-46735. Check NVD for updates.
Is there a patch for CVE-2025-46735?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.