CVE-2025-24788

Published: Jan 29, 2025Modified: Aug 25, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

Affected (1)

Products: Snowflake: Snowflake Connector

1 product

Snowflake Connector

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Snowflake Snowflake Connector	From 2.0.12 to 4.3.0

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://github.com/snowflakedb/snowflake-connector-net/commit/89d91e8316ca213c5d184bcf469ed93977a5edf9

Source: security-advisories@github.com

Patch

https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-2mqw-rq5m-8hc8

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.