CVE-2025-24792
📋 TL;DR
The Snowflake PHP PDO Driver has a signed-to-unsigned conversion vulnerability when executing unsupported queries like PUT or GET on stages, causing application crashes. This affects PHP applications using vulnerable driver versions to connect to Snowflake databases. The vulnerability impacts availability but does not allow data compromise.
💻 Affected Systems
- Snowflake PHP PDO Driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Denial of service causing application crashes and disrupting database connectivity for all users.
Likely Case
Application instability and intermittent crashes when unsupported queries are executed, affecting specific functionality.
If Mitigated
Minimal impact with proper input validation and error handling preventing unsupported queries.
🎯 Exploit Status
Exploitation requires application access to execute specific query types; no public exploit code is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.0
Vendor Advisory: https://github.com/snowflakedb/pdo_snowflake/security/advisories/GHSA-f8q2-7fv5-cg93
Restart Required: Yes
Instructions:
1. Update Snowflake PHP PDO Driver to version 3.1.0 or later. 2. Restart PHP services or web server. 3. Test application functionality with Snowflake connectivity.
🔧 Temporary Workarounds
Input validation for queries
allImplement application-level validation to reject PUT and GET queries before they reach the driver.
Error handling wrapper
allWrap database operations in try-catch blocks to handle crashes gracefully and restart connections.
🧯 If You Can't Patch
- Implement strict input validation to block PUT and GET queries at application layer.
- Deploy monitoring to detect and alert on application crashes related to database operations.
🔍 How to Verify
Check if Vulnerable:
Check PHP application's composer.json or installed packages for pdo_snowflake version.Check Version:
php -r "echo phpversion('pdo_snowflake');"Verify Fix Applied:
Verify pdo_snowflake version is 3.1.0 or higher and test PUT/GET queries no longer crash.📡 Detection & Monitoring
Log Indicators:
- Application crash logs mentioning Snowflake driver
- PHP fatal errors related to PDO operations
- Database connection failures after specific queries
Network Indicators:
- Unusual patterns of failed database connections
- Increased error responses from application endpoints
SIEM Query:
source="php_error.log" AND ("pdo_snowflake" OR "Snowflake" OR "PUT" OR "GET") AND ("crash" OR "fatal" OR "segmentation fault")