CVE-2025-27496

Name of the Vulnerable Software and Affected Versions: Snowflake JDBC driver versions 3.0.13 through 3.23.0

Description: The issue concerns the Snowflake JDBC driver, where the client-side encryption master key of the target stage is logged locally when the logging level is set to DEBUG during GET/PUT commands. This key alone does not grant access to sensitive data without additional access authorizations and is not logged server-side by Snowflake.

Recommendations: For versions 3.0.13 through 3.23.0, update to version 3.23.1 to resolve the issue. As a temporary workaround, consider setting the logging level to a value other than DEBUG to prevent local logging of the client-side encryption master key.