CVE-2025-46326

CVSS 3.1 Score 7 of 10 (high)

Details

Published Apr 28, 2025

Updated: May 10, 2025

CWE ID 367

Summary

CVE-2025-46326 is a vulnerability affecting the Snowflake Connector for .NET, specifically versions 2.1.2 to 4.4.0. The Easy Logging feature, used on Linux and macOS systems, is the source of the issue. The Connector checks whether the logging configuration file can be written to only by its owner. However, this check is susceptible to a Time-of-Check to Time-of-Use (TOCTOU) race condition. Attackers with write access to the configuration file or its directory can exploit this vulnerability by manipulating the file during the check and the actual write operation, leading to unauthorized control over logging levels and output locations. This issue has been rectified in version 4.4.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Snowflake Connector

Affected Vendors

Snowflake

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners