CVE-2025-24790

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-24790
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24790.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-24790
Aliases
Related
Published
2025-01-29T17:49:19Z
Modified
2025-10-20T20:30:28.366185Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Snowflake JDBC uses insecure temporary credential cache file permissions
Details

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0.

Database specific 
{
    "cwe_ids": [
        "CWE-276"
    ]
}
References

Affected packages

Git / github.com/snowflakedb/snowflake-jdbc

Affected ranges

Type
GIT
Repo
https://github.com/snowflakedb/snowflake-jdbc
Events
Introduced
9aa5456b9bce5f80b7a9d55ebe5fa8399d55a658
Fixed
ebb315c4a01b18e571cff086d67aff33def10400

Affected versions

3.*

3.13.21
3.13.22

v3.*

v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.11.0
v3.11.1
v3.12.0
v3.12.1
v3.12.11
v3.12.12
v3.12.14
v3.12.16
v3.12.2
v3.12.3
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.12.9
v3.13.0
v3.13.1
v3.13.10
v3.13.12
v3.13.13
v3.13.14
v3.13.15
v3.13.16
v3.13.17
v3.13.18
v3.13.19
v3.13.2
v3.13.20
v3.13.21
v3.13.22
v3.13.23
v3.13.24
v3.13.25
v3.13.26
v3.13.27
v3.13.28
v3.13.29
v3.13.3
v3.13.30
v3.13.31
v3.13.32
v3.13.33
v3.13.4
v3.13.5
v3.13.6
v3.13.7
v3.13.8
v3.13.9
v3.14.0
v3.14.1
v3.14.2
v3.14.3
v3.14.4
v3.14.5
v3.15.0
v3.15.1
v3.16.0
v3.16.1
v3.17.0
v3.18.0
v3.19.0
v3.19.1
v3.20.0
v3.21.0
v3.6.10
v3.6.11
v3.6.12
v3.6.13
v3.6.14
v3.6.15
v3.6.16
v3.6.17
v3.6.18
v3.6.19
v3.6.20
v3.6.21
v3.6.23
v3.6.24
v3.6.25
v3.6.26
v3.6.27
v3.6.28
v3.6.8
v3.6.9
v3.7.0
v3.7.1
v3.7.2
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.8.6
v3.8.7
v3.8.8
v3.9.0
v3.9.1
v3.9.2

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "163462292315131043009619918423020661552",
                "172755071904979632887942217402952396872",
                "324038985784841644452231720853664589211",
                "186511955661388583231338465135382544632"
            ]
        },
        "signature_type": "Line",
        "id": "CVE-2025-24790-e1762ab4",
        "target": {
            "file": "src/main/java/net/snowflake/client/jdbc/SnowflakeDriver.java"
        },
        "source": "https://github.com/snowflakedb/snowflake-jdbc/commit/ebb315c4a01b18e571cff086d67aff33def10400"
    }
]