CVE-2025-46328

CVSS 3.1 Score 7 of 10 (high)

Details

Published Apr 28, 2025
Updated: May 9, 2025
CWE ID 367

Summary

CVE-2025-46328 is a vulnerability affecting snowflake-connector-nodejs, a NodeJS driver for Snowflake. Versions between 1.10.0 and 2.0.3 are susceptible to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When the Easy Logging feature is used on Linux and macOS, the driver reads the logging configuration from a user-supplied file. The driver checks that the configuration file can be written to only by its owner, but this verification is prone to a TOCTOU race condition. The weakness allows a local attacker with write access to the configuration file or its directory to manipulate logging levels and output locations. The vulnerability has been patched in version 2.0.4.
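
The check-then-read pattern behind this class of bug (CWE-367), shown beside a descriptor-based form that closes the window; this is an added illustration, not code from snowflake-connector-nodejs or its 2.0.4 patch. The file names, the `log_level` key, and the `gap` test hook are constructed for the example.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const LOOSE = 0o022; // group- or world-writable permission bits

// Race-prone: the check and the read each resolve the path on their own.
// `gap` is a test hook standing in for whatever runs concurrently.
function readByPath(file, gap = () => {}) {
  if (fs.statSync(file).mode & LOOSE) throw new Error('config writable by non-owner');
  gap();                                 // window between check and use
  return fs.readFileSync(file, 'utf8');  // may be a different file by now
}

// Hardened: open once, then check and read the same open file.
function readByFd(file, gap = () => {}) {
  const fd = fs.openSync(file, 'r');
  try {
    const st = fs.fstatSync(fd);         // inspects the opened inode, not the path
    if (!st.isFile() || (st.mode & LOOSE)) {
      throw new Error('config must be a regular file writable only by its owner');
    }
    gap();                               // a path swap here no longer matters
    return fs.readFileSync(fd, 'utf8');
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed scenario: a 0600 config is replaced, by rename, with a
// world-writable file while the reader is between its check and its read.
function demo(reader) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'easylog-'));
  const cfg = path.join(dir, 'config.json');
  const other = path.join(dir, 'other.json');
  fs.writeFileSync(cfg, '{"log_level":"INFO"}', { mode: 0o600 });
  fs.writeFileSync(other, '{"log_level":"TRACE"}');
  fs.chmodSync(other, 0o666);
  try {
    return reader(cfg, () => fs.renameSync(other, cfg));
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

`demo(readByPath)` returns the content of the swapped-in file even though the permission check passed, while `demo(readByFd)` returns the content of the file that was actually checked.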

Affected Products

  • Snowflake Connector

Affected Vendors

  • Snowflake