Sensitive Information Exposure in Snowflake ODBC Driver
CVE-2025-46614

3.3LOW

Key Information:

Vendor: Snowflake
Status: Snowflake Odbc
Vendor: CVE Published:; 28 April 2025

What is CVE-2025-46614?

The Snowflake ODBC Driver prior to version 3.7.0 is susceptible to a vulnerability that allows full SQL queries to be logged at the INFO level. This could potentially expose sensitive data within the logged information, leading to unauthorized access or data breaches. Organizations using this driver should take immediate steps to update to version 3.7.0 or later to mitigate this security risk.

Affected Version(s)

Snowflake ODBC 0 < 3.7.0

References

https://community.snowflake.com/s/article/Snowflake-Conne...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2025
Vulnerability Reserved
Apr 25, 2025

CVE-2025-46614 Data

JSON