Cyber Resilience

CVE-2025-46330

Low

Published: 29 April 2025

Published
29 April 2025
Modified
09 May 2025
KEV Added
Patch
CVSS Score v3.1 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score 0.0012 30.6th percentile
Risk Priority 7 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-46330 is a low-severity Improper Following of Specification by Caller (CWE-573) vulnerability in Snowflake Connector For C\/C\+\+. Its CVSS base score is 3.3 (Low).

Operationally, ranked at the 30.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were…

more

sent. This issue has been patched in version 2.2.0.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

snowflake
connector for c\/c\+\+
0.5.0 — 2.2.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References