CVE-2025-32382: 
Metabase vulnerability analysis and mitigation

Metabase, an open source Business Intelligence and Embedded Analytics tool, was found to have a vulnerability (CVE-2025-32382) where Snowflake connection credentials were being logged by the Metabase backend under certain conditions. The issue was discovered and disclosed on April 10, 2025, affecting versions 0.52.12-0.52.17.1, 1.52.12-1.52.17.1, 0.53.2.3-0.53.9.5, and versions prior to 0.54.1.5 and 1.54.1.5 (GitHub Advisory).

The vulnerability occurs when administrators change Snowflake connection details in Metabase, either by updating a password or switching between password and private key authentication. During this process, Metabase attempts to remove older connection details by testing one connection method at a time. When a successful connection is found, the system logs the event using the format 'Successfully connected, migrating to: %s' along with the connection details, which inadvertently exposes the username and password in the logs. The logging is done by the Metabase backend with default console logging, though it can be overridden through the log4j2.xml configuration file. The vulnerability has been assigned a CVSS v4.0 score of 1.8 (Low) (GitHub Advisory).

The primary impact of this vulnerability is the potential exposure of Snowflake database credentials in Metabase's log files. This could lead to unauthorized access to sensitive database credentials if an attacker gains access to the system logs (GitHub Advisory).

The issue has been patched in versions 52.17.1, 53.9.5, and 54.1.5 for both OSS and enterprise editions. For users unable to update immediately, a workaround is available by modifying the log level in the log4j2.xml configuration file to prevent logging of Snowflake credentials. Notably, versions 51 and lower are not impacted by this vulnerability (GitHub Advisory).