CVE-2025-3717

When using the Grafana Snowflake Datasource Plugin,
if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in

the wrong user identifier being used, and information for which the viewer is not authorized being returned.

This issue affects Grafana Snowflake Datasource Plugin: from 1.5.0 before 1.14.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GRAFANACNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://grafana.com/security/security-advisories/cve-2025-3717/