CVE-2025-24791

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-24791

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24791.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-24791

Aliases

GHSA-xfhv-wqj6-rx99

Published

2025-01-29T16:59:24.627Z

Modified

2026-02-11T13:43:56.297916Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions

Details

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-281"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24791.json"
}

References

Affected packages

Git

github.com/snowflakedb/snowflake-connector-net

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-net
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7be0335379301b196b50b1c48d17d445201de659

Affected versions

v0.*

v0.1.1

v0.2.0

v0.3.0

v1.*

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.2.0

v1.2.1

v2.*

v2.0.0

v2.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24791.json"

github.com/snowflakedb/snowflake-connector-nodejs

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-nodejs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

89731b3a4d61a75b721d13d4e47a7a3712ffa45f

Introduced

5cd97375e7dffe246619c9154a5a53f287b5798c

Fixed

89731b3a4d61a75b721d13d4e47a7a3712ffa45f

Affected versions

v1.*

v1.12.0

v1.13.0

v1.13.1

v1.14.0

v1.15.0

v2.*

v2.0.0

v2.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24791.json"

github.com/snowflakedb/snowflake-connector-python

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-python
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

54d4fa33306e24a39cbe6596bc8927990d8ef153

Affected versions

v.*

v.1.7.11

v1.*

v1.3.10

v1.3.11

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.17

v1.3.18

v1.3.8

v1.3.9

v1.4.0

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.13

v1.4.14

v1.4.15

v1.4.16

v1.4.17

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5.0

v1.5.1

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.6.0

v1.6.1

v1.6.10

v1.6.11

v1.6.12

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.7.1

v1.7.10

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.8.7

v1.9.0

v2.*

v2.0.0

v2.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24791.json"