CVE-2025-46735 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-46735 PUBLISHED CVSS 1.100000023841858 LOW

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.

EPSS 0.30% · 53.6th percentile

Risk Scores

CVSS v4.0

1.100000023841858

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U

EPSS Score

0.30%

53.6th percentile

Affected Products

Vendor	Product	Versions
github.com	nrkno/terraform-provider-windns	0, 0
nrkno	terraform-provider-windns	<= 1.0.4, <= 1.0.4

Timeline

Jan 21, 1970 Security Advisory
May 6, 2025 CVE Published
May 6, 2025 PoC Published
May 6, 2025 PoC Published
May 6, 2025 PoC Published
May 7, 2025 EPSS Score
May 18, 2025 EPSS Score
May 29, 2025 EPSS Score
Jun 9, 2025 EPSS Score
Jun 10, 2025 Coalition ESS Score
Jun 20, 2025 EPSS Score
Jul 2, 2025 EPSS Score

References

Open in Interactive Console →