← Back

CVE-2025-24795

nvd nist
Published: Jan 29, 2025Modified: Aug 25, 2025

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

Affected (1)

Snowflake
1 product
Snowflake Connector
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snowflake Connector
From 2.3.7 to 3.13.1
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.