CVE-2025-46329

LOW EPSS 0.9%
Published Apr 29, 20251y ago · Modified Jun 17, 20262w ago
3.3 CVSS 3.1
Low
Find Similar
Published Apr 29, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0.

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
0.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-532

Affected Products 1

VendorProductVersionRange
snowflakeconnector_for_c\/c\+\+*≥0.5.0  –  <2.2.0

References 2

  • github.com https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe
    Patch
  • github.com https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-jx4f-645p-wjpx
    Vendor Advisory

Remediation

  • github.com https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe
    Patch