SQL Injection Vulnerability in Snowflake Connector for Python by Snowflake
CVE-2025-24793

7HIGH

Key Information:

Vendor: Snowflakedb
Status: Snowflake-connector-python
Vendor: CVE Published:; 29 January 2025

🔔 Create Snowflakedb Vulnerability Alert

What is CVE-2025-24793?

The Snowflake Connector for Python, used for connecting Python applications with Snowflake, has a vulnerability that allows SQL injection through the snowflake.connector.pandas_tools module. Affected versions span from 2.2.5 to 3.13.0. Users are advised to upgrade to version 3.13.1, which includes a fix for this security issue. This vulnerability could lead to unauthorized access to data and potential manipulation, emphasizing the importance of timely updates.

Affected Version(s)

snowflake-connector-python >= 2.2.5, < 3.13.1

References

https://github.com/snowflakedb/snowflake-connector-python...

x_refsource_CONFIRM

https://github.com/snowflakedb/snowflake-connector-python...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2025
Vulnerability Reserved
Jan 23, 2025