CVE-2025-46735: Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue
Summary
The Terraform WinDNS Provider (a tool for managing Windows DNS servers through Terraform, an infrastructure automation tool) had a security flaw before version 1.0.5 where the `windns_record` resource didn't properly validate user input, allowing authenticated command injection (an attack where malicious commands are sneaked into legitimate input to execute unauthorized code in the underlying PowerShell command prompt). This vulnerability only affects users who already have authentication access to the system.
Solution / Mitigation
Update to version 1.0.5, which contains a fix for the issue.
Vulnerability Details
EPSS: 0.3%
Classification
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-46735
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 45%