CVE-2025-24793 (ecosystem: Python / PyPI)
Severity: HIGH (CVSS 3.1 base score 7.0). Primary rating from GitHub Advisory, the only source for this CVE.
CVSS vector (GitHub Advisory): CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Blast radius (ecosystem impact): 1 PyPI package depends on snowflake-connector-python (1 direct, 0 indirect); ecosystem-wide dependent count measured for version 2.2.5.
Description (GitHub Advisory)
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Analysis (AI-generated)
Rated high severity (CVSS 7.0). This SQL injection vulnerability could allow an attacker who can reach the affected function to execute arbitrary SQL commands against the connected Snowflake database.
Technical context (AI-generated)
This vulnerability is classified as SQL injection (CWE-89): untrusted input reaches a SQL statement without proper neutralization, allowing an attacker to alter the query that is executed. The affected code is a function in the snowflake.connector.pandas_tools module of the Snowflake Connector for Python. Affected product: Snowflake Connector for Python, versions 2.2.5 through 3.13.0; fixed in 3.13.1.
Remediation (AI-generated)
A vendor fix is available: upgrade snowflake-connector-python to 3.13.1 or later as soon as possible. In application code, use parameterized queries or prepared statements and never concatenate user input into SQL text. Apply least-privilege database permissions to the role the connector authenticates as, so that a successful injection is limited in what it can read or modify.
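As an added illustration of the remediation advice above (this is example code, not Snowflake's connector code and not the vulnerable function from pandas_tools), the block below puts the concatenation anti-pattern next to its parameterized form and shows why the distinction matters. It uses Python's built-in sqlite3 as a stand-in database so it runs offline; the binding pattern is the same one a Snowflake connector cursor supports, where cursor.execute() takes a params sequence (pyformat "%s" placeholders by default, or "?" after setting snowflake.connector.paramstyle = "qmark"). The identifier helper is a general caveat added here: table and column names cannot be bound as parameters, so they have to be validated and quoted separately. The table contents and the test input are constructed.

```python
import re
import sqlite3

# Constructed sample data standing in for a warehouse table.
SAMPLE_ROWS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def build_conn():
    """Create an in-memory sqlite3 database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable pattern: the value is spliced into the SQL text, so quote
    characters inside it become part of the statement and can change the
    WHERE clause."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, name):
    """Hardened pattern: the driver binds the value as data; the SQL text
    itself never changes, whatever the input contains."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


# Conservative allow-list for identifiers: letters, digits, underscore only.
_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,254}$")


def quote_identifier(name):
    """Identifiers (table/column names) cannot be bound as parameters, so
    validate them against an allow-list pattern and quote them before they
    are placed into SQL. Raises ValueError on anything outside the pattern."""
    if not _IDENT_RE.match(name):
        raise ValueError(f"invalid identifier: {name!r}")
    return '"' + name + '"'


def count_rows(conn, table):
    """Count rows in a table whose name came from outside the program."""
    sql = "SELECT COUNT(*) FROM " + quote_identifier(table)
    return conn.execute(sql).fetchone()[0]


def demo():
    """Run both lookups with a constructed input that closes the string
    literal and appends an always-true condition."""
    conn = build_conn()
    payload = "x' OR '1'='1"  # constructed input, not a real user name
    return {
        # concatenation: the filter is bypassed and every e-mail comes back
        "unsafe": lookup_unsafe(conn, payload),
        # binding: no row has that literal name, so nothing comes back
        "safe": lookup_safe(conn, payload),
        "count": count_rows(conn, "users"),
    }


if __name__ == "__main__":
    print(demo())
```

The two lookups execute against identical data with identical input; only the way the value reaches the database differs. The identifier helper rejects anything that is not a plain name rather than trying to escape it, which is the right default when a table name is supplied by a caller.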