{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T21:18:04.610","vulnerabilities":[{"cve":{"id":"CVE-2025-27496","sourceIdentifier":"security-advisories@github.com","published":"2025-03-13T19:15:52.050","lastModified":"2025-08-22T17:42:18.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver (\"Driver\") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations,  and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1."},{"lang":"es","value":"Snowflake, una plataforma para el uso de inteligencia artificial en el contexto de la computación en la nube, presenta una vulnerabilidad en el controlador JDBC de Snowflake (\"Driver\") en las versiones 3.0.13 a 3.23.0. Cuando el nivel de registro se establecía en DEBUG, el controlador registraba localmente la clave maestra de cifrado del lado del cliente de la etapa de destino durante la ejecución de comandos GET/PUT. Esta clave, por sí sola, no otorga acceso a datos confidenciales sin autorizaciones de acceso adicionales y Snowflake no la registra en el servidor. Snowflake solucionó el problema en la versión 3.23.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snowflake:snowflake_jdbc:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.13","versionEndExcluding":"3.23.1","matchCriteriaId":"940CB581-6281-4238-9A49-CFEC2FC946B3"}]}]}],"references":[{"url":"https://github.com/snowflakedb/snowflake-jdbc/commit/ef81582ce2f1dbc3c8794a696c94f4fe65fad507","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-q298-375f-5q63","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}