VDB
CVE-2025-46735
CVE-2025-46735
PUBLISHED
CVSS 1.100000023841858 LOW
Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.
EPSS 0.24% · 47.3th percentile
Risk Scores
CVSS 4.0
1.100000023841858
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U
EPSS Score
0.24%
47.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | nrkno/terraform-provider-windns | 0, 0 |
| nrkno | terraform-provider-windns | <= 1.0.4, <= 1.0.4 |
Exploit Intelligence
- CIRCL seen: CVE-2025-46735 (circl-sighting)
- CIRCL seen: CVE-2025-46735 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2025-46735 (circl-sighting)
- https://github.com/nrkno/terraform-provider-windns/security/advisories/GHSA-4vgf-2cm4-mp7c (circl)
- https://github.com/nrkno/terraform-provider-windns/commit/c76f69610c1b502f90aaed8c4f102194530b5bce (circl)
Timeline
- Jan 21, 1970 Security Advisory
- May 6, 2025 CVE Published
- May 6, 2025 PoC Published
- May 6, 2025 PoC Published
- May 6, 2025 PoC Published
- May 7, 2025 EPSS Score
- May 19, 2025 EPSS Score
- May 30, 2025 EPSS Score
- Jun 10, 2025 Coalition ESS Score
- Jun 11, 2025 EPSS Score
- Jun 23, 2025 EPSS Score
- Jul 4, 2025 EPSS Score
References
- https://github.com/nrkno/terraform-provider-windns/security/advisories/GHSA-4vgf-2cm4-mp7c url
- https://github.com/nrkno/terraform-provider-windns/commit/c76f69610c1b502f90aaed8c4f102194530b5bce url
- https://nvd.nist.gov/vuln/detail/CVE-2025-46735 advisory
- https://github.com/nrkno/terraform-provider-windns package