← Back

CVE-2025-24790

nvd nist
Published: Jan 29, 2025Modified: Aug 25, 2025

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0.

Affected (1)

Snowflake
1 product
Snowflake Jdbc
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snowflake Jdbc
From 3.6.8 to 3.22.0
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.