low
3.3
CWE
532
EPSS
0.008%
Advisory Published
CVE Published
Updated

CVE-2025-27496: Snowflake JDBC Driver client-side encryption key in DEBUG logs

First published: Thu Mar 13 2025(Updated: )

### Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC driver (“Driver”). When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This vulnerability affects Driver versions 3.0.13 through 3.23.0. Snowflake fixed the issue in version 3.23.1. ### Vulnerability Details When the logging level was set to DEBUG, the Driver would locally log the client-side encryption master key of the target stage during the execution of GET/PUT commands. The key was logged in a JSON object under the queryStageMasterKey key. The key by itself does not grant access to any sensitive data. ### Solution Snowflake released version 3.23.1 of the Snowflake JDBC driver, which fixes this issue. We highly recommend users upgrade to version 3.23.1. ### Additional Information If you discover a security vulnerability in one of our products or websites, please report the issue to Snowflake through our Vulnerability Disclosure Program hosted at HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).

Credit: security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
Snowflake Connector>=3.0.13<=3.23.0
maven/net.snowflake:snowflake-jdbc>=3.0.13<=3.23.0
3.23.1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What are the affected versions for CVE-2025-27496?

    CVE-2025-27496 affects versions 3.0.13 through 3.23.0 of the Snowflake JDBC Driver.

  • What is the main issue identified in CVE-2025-27496?

    CVE-2025-27496 involves the Snowflake JDBC Driver logging sensitive client-side information locally when the logging level is set to DEBUG.

  • How can organizations mitigate the risks associated with CVE-2025-27496?

    Organizations can mitigate CVE-2025-27496 by updating the Snowflake JDBC Driver to a version outside the affected range.

  • Is CVE-2025-27496 specific to any particular operating system?

    CVE-2025-27496 is not specific to any operating system; it relates to the Snowflake JDBC Driver regardless of the platform it is used on.

  • What is the potential impact of exploiting CVE-2025-27496?

    Exploiting CVE-2025-27496 could lead to unauthorized exposure of sensitive client-side information.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203