CVE-2025-24788

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-24788

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24788.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24788

Aliases

GHSA-2mqw-rq5m-8hc8

Published

2025-01-29T20:19:16Z

Modified

2025-10-15T22:52:54.449273Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Snowflake Connector for .NET has weak temporary files permissions

Details

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

References

Affected packages

Git / github.com/snowflakedb/snowflake-connector-net

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-net
Events: Introduced

1c37458b1b5c71591db2d2b99dfc575ed650ad0e

Fixed

444a2c189291b714c7c1f91f9f62b5505844f397

Affected versions

2.*

2.0.17

v2.*

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.18

v2.0.19

v2.0.20

v2.0.21

v2.0.22

v2.0.23

v2.0.24

v2.0.25

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.2.0

v3.*

v3.0.0

v3.1.0

v4.*

v4.0.0

v4.1.0

v4.2.0