Vulnerability Database

309,469

Total vulnerabilities in the database

CVE-2025-46735

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version 1.0.5. The windns_record resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.

Published: May 6, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-46735
GHSA: GHSA-4vgf-2cm4-mp7c
Severity: Low
Exploit:

No technical information available.

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
github.com/nrkno/terraform-provider-windns	-	1.0.4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo