CVE ID
- CVE-2025-24793 - A function in snowflake.connector.pandas_tools is vulnerable to SQL injection via unsanitized arguments.
CWE ID
- CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)
CPEs
- cpe:2.3:a:snowflake:snowflake_connector:*:*:*:*:*:python:*:* (versions >= 2.2.5, < 3.13.1)
Affected versions
- 2.2.5 through 3.13.0
Patched versions:
- 3.13.1
Description
- The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Resolution
- Upgrade to Snowflake Connector for Python version 3.13.1 or later.
