PT-2025-19981 · Hashicorp · Terraform Windns Provider
Polo-Sec · Published 2025-05-06 · Updated 2025-05-20 · CVE-2025-46735
CVSS v4.0: 1.1 (Low)
Vector: AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U
Name of the Vulnerable Software and Affected Versions
Terraform WinDNS Provider versions prior to 1.0.5
Description
A security issue has been found in the Terraform WinDNS Provider, where the windns record resource did not sanitize the input variables, leading to authenticated command injection in the underlying PowerShell command prompt.
Recommendations
For versions prior to 1.0.5, update to version 1.0.5 to resolve the issue. As a temporary workaround, consider sanitizing the input variables for the windns record resource to prevent command injection.
Exploit
Fix
Command Injection
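One way to apply the input-sanitizing workaround from the Recommendations, shown as an added Go example that is not the provider's own code or its 1.0.5 fix: allowlist-validate each DNS value, then pass it to PowerShell only as a single-quoted literal. The function names, the choice of `Get-DnsServerResourceRecord` as the command being built, and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// One DNS label: letters, digits, '_' and inner '-', at most 63 characters.
const label = `[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?`

var dnsName = regexp.MustCompile(`^` + label + `(\.` + label + `)*\.?$`)
var recordTypes = map[string]bool{"A": true, "AAAA": true, "CNAME": true, "PTR": true}

// ValidDNSName accepts only plain DNS names, so PowerShell metacharacters
// (; | & $ ` ' " ( ) { } whitespace) are rejected before any command is built.
func ValidDNSName(s string) bool {
	return len(s) <= 253 && dnsName.MatchString(s)
}

// PSQuote renders s as a PowerShell single-quoted literal. PowerShell also treats
// the typographic quotes U+2018..U+201B as single quotes, so all are doubled.
func PSQuote(s string) string {
	var b strings.Builder
	b.WriteByte('\'')
	for _, r := range s {
		if r == '\'' || (r >= 0x2018 && r <= 0x201B) {
			b.WriteRune(r)
		}
		b.WriteRune(r)
	}
	b.WriteByte('\'')
	return b.String()
}

// BuildLookup (hypothetical helper) validates first, then quotes every value.
func BuildLookup(zone, name, rrType string) (string, error) {
	rrType = strings.ToUpper(rrType)
	if !ValidDNSName(zone) || !ValidDNSName(name) || !recordTypes[rrType] {
		return "", fmt.Errorf("rejected input: zone=%q name=%q type=%q", zone, name, rrType)
	}
	return fmt.Sprintf("Get-DnsServerResourceRecord -ZoneName %s -Name %s -RRType %s",
		PSQuote(zone), PSQuote(name), PSQuote(rrType)), nil
}

func main() {
	fmt.Println(BuildLookup("example.com", "www", "a"))
	fmt.Println(BuildLookup("example.com", "www'; Get-Date #", "A")) // constructed bad input
}
```

Validation and quoting are layered on purpose: the allowlist stops unexpected characters early, and the quoting keeps free-form values inert if a field cannot be allowlisted.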
Weakness Enumeration
Related Identifiers
Affected Products
Terraform Windns Provider