CVE-2025-46735: 
vulnerability analysis and mitigation

The CVE-2025-46735 affects the Terraform WinDNS Provider, which allows users to manage their Windows DNS server resources through Terraform. The vulnerability was discovered in versions before 1.0.5 and was disclosed on May 6, 2025. The security issue stems from improper sanitization of input variables in the windns_record resource (NVD, GitHub Advisory).

The vulnerability is related to insufficient input sanitization in the windns_record resource functionality. The issue has been assigned a CVSS v4.0 score of 1.1 (LOW) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U. The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command) (NVD).

The vulnerability allows authenticated users with high privileges to potentially execute commands through PowerShell command injection. While the CVSS score indicates a low severity, the potential for command injection in a privileged context could lead to system compromise within the scope of the PowerShell environment (Wiz).

The vulnerability has been fixed in version 1.0.5 of the Terraform WinDNS Provider. Users should upgrade to this version or later to address the security issue. The fix includes improved input validation implemented through commit c76f696 (GitHub Commit).