CVE-2025-27496

CVE-2025-27496 PUBLISHED CVSS 3.3 LOW

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1.

EPSS 0.12% · 30.2th percentile

Risk Scores

CVSS v3.1: 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.12% (30.2th percentile)

Affected Products

Vendor        Product                       Versions
snowflake     snowflake_jdbc                3.0.13
snowflakedb   snowflake-jdbc                >= 3.0.13, < 3.23.1
Maven         net.snowflake:snowflake-jdbc  3.0.13

Timeline

  • CVE Published
  • Jan 21, 1970 Security Advisory
  • Mar 13, 2025 PoC Published
  • Mar 13, 2025 PoC Published
  • Mar 14, 2025 EPSS Score
  • Mar 14, 2025 Coalition ESS Score
  • Mar 27, 2025 EPSS Score
  • Apr 10, 2025 EPSS Score
  • Apr 23, 2025 EPSS Score
  • Apr 28, 2025 Coalition ESS Score
  • Apr 29, 2025 Coalition ESS Score
  • May 7, 2025 EPSS Score