CVE-2025-46327

CVSS 3.1 Score 7 of 10 (high)

Details

Published Apr 28, 2025
Updated: May 9, 2025
CWE ID 367

Summary

CVE-2025-46327 is a vulnerability affecting versions of the gosnowflake Snowflake Golang driver from 1.7.0 to before 1.13.3. This issue involves a Time-of-Check to Time-of-Use (TOCTOU) race condition on Linux and macOS. The driver uses user-provided files for logging configuration, which it checks for write access by the file owner. However, this check was susceptible to a TOCTOU race condition, allowing a local attacker with write access to the configuration file or its directory to manipulate logging levels and output locations. This vulnerability has been addressed in version 1.13.3.
