Snowflake JDBC Driver Privilege Escalation Vulnerability on Windows

Vulnerability

A vulnerability in the Snowflake JDBC Driver has been identified that allows local privilege escalation on Windows systems. The issue arises when the EXTERNALBROWSER authentication method is used. An attacker with write access to any directory listed in the %PATH% can place a malicious executable there; when the JDBC Driver executes it, the attacker's code runs with the privileges of the user running the JDBC Driver. The vulnerability affects Snowflake JDBC Driver versions 3.2.3 through 3.21.0.

Impact

Exploitation of this vulnerability allows for local privilege escalation to the user running the Snowflake JDBC Driver.

Reproduction

To reproduce this vulnerability, use a version of the Snowflake JDBC Driver between 3.2.3 and 3.21.0 on a Windows system. Select the EXTERNALBROWSER authentication method. An attacker can then place a malicious executable in a directory listed in the %PATH%, which will be executed by the JDBC Driver, leading to privilege escalation.

Remediation

Upgrade to Snowflake JDBC Driver version 3.22.0, which addresses this vulnerability.
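The precondition the advisory describes is a search-path directory that a low-privileged principal can write to. The following PowerShell is an added example, not part of this advisory or of the Snowflake driver, that lists %PATH% entries granting write rights to broad built-in groups (and entries that do not exist at all), so they can be locked down while the driver is upgraded; it assumes it is run under the account that runs the JDBC Driver, so that $env:Path matches what that process would search.

```powershell
# Added example (not from the advisory): list %PATH% directories that
# non-administrative principals can write to. Such a directory is the
# precondition for the search-path issue described above.
# Assumption: run in the security context of the account that runs the
# JDBC Driver, so $env:Path matches the path that process searches.

$broadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a principal drop a new file into the directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor `
             [System.Security.AccessControl.FileSystemRights]::Modify -bor `
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor `
             [System.Security.AccessControl.FileSystemRights]::CreateFiles

function Get-WritablePathDirs {
    param([string[]]$Dirs = ($env:Path -split ';' | Where-Object { $_ -ne '' }))
    foreach ($dir in $Dirs) {
        # A search-path entry that does not exist is also worth flagging:
        # whoever can create it later gets the same foothold.
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            [pscustomobject]@{ Directory = $dir; Principal = '(none)'; Rights = 'directory does not exist' }
            continue
        }
        $acl = Get-Acl -LiteralPath $dir
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $id = $ace.IdentityReference.Value
            $grantsWrite = (($ace.FileSystemRights -band $writeMask) -ne 0)
            if ($grantsWrite -and ($broadPrincipals -contains $id)) {
                [pscustomobject]@{ Directory = $dir; Principal = $id; Rights = $ace.FileSystemRights }
            }
        }
    }
}

# Print the findings; an empty table means no broad-group write access was found.
Get-WritablePathDirs | Format-Table -AutoSize
```

Inherited ACEs are included in the output because they grant the same write access as explicit ones; remove the offending rights with icacls or move the directory off the path.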

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 10.0
exploitability: 4.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.