CVE-2025-46330 is a vulnerability identified in the Snowflake Connector for C/C++ library, known as libsnowflakeclient, affecting versions from 0.5.0 up to but not including 2.2.0. The issue stems from improper handling of HTTP 400 Bad Request responses. Specifically, the client library incorrectly treats malformed requests that result in a 400 status code as retryable errors. This behavior causes the application using the library to enter a retry loop, sending repeated requests up to the configured maximum retry limit (SF_CON_MAX_RETRY). Consequently, this can lead to the application hanging or becoming unresponsive during these retries. The root cause is categorized under CWE-573, which relates to improper following of specifications by the caller, indicating that the client does not correctly interpret the HTTP protocol semantics for 400 responses, which are client errors and should not be retried. This vulnerability does not impact confidentiality or integrity but affects availability by potentially causing denial of service conditions through application hangs. The issue has been addressed and patched in libsnowflakeclient version 2.2.0. The CVSS 3.1 base score is 3.3, indicating a low severity, with attack vector local, low attack complexity, requiring low privileges and no user interaction, and impacting availability only. There are no known exploits in the wild at the time of publication.

For European organizations leveraging Snowflake's C/C++ connector in their data infrastructure, this vulnerability could cause service disruptions due to application hangs when malformed requests are processed. This may affect data processing pipelines, analytics workloads, or any automated systems relying on libsnowflakeclient, leading to operational downtime or delays. While the vulnerability does not expose sensitive data or allow unauthorized data modification, the availability impact could disrupt business continuity, especially in environments with high data throughput or real-time analytics requirements. Organizations with critical data workflows dependent on Snowflake connectors might experience degraded performance or require manual intervention to recover from the hang state. The impact is more pronounced in environments where the affected versions are deployed in production and where retry limits are high, potentially exacerbating the downtime. Given the low CVSS score and absence of known exploits, the immediate risk is limited but should not be ignored, particularly in sectors where data availability is crucial, such as finance, healthcare, and telecommunications.

To mitigate this vulnerability, European organizations should prioritize upgrading libsnowflakeclient to version 2.2.0 or later, where the issue is patched. If immediate upgrading is not feasible, organizations should implement the following specific measures: 1) Review and adjust the SF_CON_MAX_RETRY configuration to a lower value to reduce the duration of potential hangs. 2) Implement application-level timeout and circuit breaker patterns to detect and recover from prolonged retry loops caused by malformed requests. 3) Validate and sanitize all outgoing requests to Snowflake to minimize the chance of sending malformed requests that trigger HTTP 400 responses. 4) Monitor application logs and metrics for repeated 400 responses and retry behavior to detect potential exploitation or misconfiguration early. 5) Engage with Snowflake support or vendor channels to obtain any interim patches or workarounds if upgrading is delayed. These targeted actions go beyond generic patching advice by focusing on operational controls and proactive detection to minimize downtime.