Grafana Snowflake DS Plugin 1.5.0 to before 1.14.1: OAuth Passthrough Bypass (Info Disclosure)
CVE-2025-3717 Published on November 11, 2025
Incorrect OAuth passthrough in Grafana Snowflake Datasource
When using the Grafana Snowflake Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is not authorized being returned.
This issue affects Grafana Snowflake Datasource Plugin: from 1.5.0 before 1.14.1.
Weakness Type
What is a Separation of Privilege Vulnerability?
The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions. When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.
CVE-2025-3717 has been classified as a Separation of Privilege vulnerability or weakness.
Products Associated with CVE-2025-3717
Affected Versions
Grafana Labs Grafana Snowflake Datasource Plugin: versions from 1.5.0 up to, but not including, 1.14.1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.