SB2025062737 - Inclusion of Sensitive Information in Snowflake JDBC
Published: June 27, 2025
Security Bulletin ID
SB2025062737
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-27496)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands when the logging level was set to DEBUG. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. A local user can read the log files and gain access to sensitive data.
Remediation
Install update from vendor's website.