CVE-2025-46614: In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive...

Description

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.

Classification

CVE ID: CVE-2025-46614

CVSS Base Severity: LOW

CVSS Base Score: 3.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-532 Insertion of Sensitive Information into Log File

Affected Products

Vendor: Snowflake

Product: Snowflake ODBC

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.41% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-05-27 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46614
https://community.snowflake.com/s/article/Snowflake-Connector-for-ODBC-Security-Advisory-CVE-2025-46614
