CVE-2025-24791

Published: Jan 29, 2025Modified: Aug 20, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.

Affected (1)

Products: Snowflake: Snowflake Connector

1 product

Snowflake Connector

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Snowflake Snowflake Connector	From 1.12.0 to 2.0.2

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://github.com/snowflakedb/snowflake-connector-nodejs/commit/89731b3a4d61a75b721d13d4e47a7a3712ffa45f

Source: security-advisories@github.com

Patch

https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-xfhv-wqj6-rx99

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.