{"data":{"id":"aa0287a3-3f94-4723-a552-431b47ee008f","title":"CVE-2025-46735: Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue ","summary":"The Terraform WinDNS Provider (a tool for managing Windows DNS servers through Terraform, an infrastructure automation tool) had a security flaw before version 1.0.5 where the `windns_record` resource didn't properly validate user input, allowing authenticated command injection (an attack where malicious commands are sneaked into legitimate input to execute unauthorized code in the underlying PowerShell command prompt). This vulnerability only affects users who already have authentication access to the system.","solution":"Update to version 1.0.5, which contains a fix for the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-46735","publishedAt":"2025-05-06T17:16:12.527Z","cveId":"CVE-2025-46735","cweIds":["CWE-77"],"cvssScore":null,"cvssSeverity":null,"severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00305,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.45,"researchCategory":null,"atlasIds":null}}