CVE-2025-24791

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-24791

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24791.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24791

Aliases

GHSA-xfhv-wqj6-rx99

Published

2025-01-29T16:59:24Z

Modified

2025-10-22T18:45:03.083301Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions

Details

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.

Database specific

{
    "cwe_ids": [
        "CWE-281"
    ]
}

References

Affected packages

Git / github.com/snowflakedb/snowflake-connector-net

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-net
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7be0335379301b196b50b1c48d17d445201de659

Affected versions

v0.*

v0.1.1

v0.2.0

v0.3.0

v1.*

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.2.0

v1.2.1

v2.*

v2.0.0

v2.0.1

Git / github.com/snowflakedb/snowflake-connector-net

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-nodejs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

89731b3a4d61a75b721d13d4e47a7a3712ffa45f

Affected versions

v1.*

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.8

v1.1.9

v1.10.0

v1.10.1

v1.11.0

v1.12.0

v1.13.0

v1.13.1

v1.14.0

v1.15.0

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.1

v1.6.10

v1.6.11

v1.6.12

v1.6.13

v1.6.14

v1.6.15

v1.6.16

v1.6.17

v1.6.18

v1.6.19

v1.6.2

v1.6.20

v1.6.21

v1.6.22

v1.6.23

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.8.0

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v2.*

v2.0.0

v2.0.1

Git / github.com/snowflakedb/snowflake-connector-net

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-python
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

54d4fa33306e24a39cbe6596bc8927990d8ef153

Affected versions

v.*

v.1.7.11

v1.*

v1.3.10

v1.3.11

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.17

v1.3.18

v1.3.8

v1.3.9

v1.4.0

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.13

v1.4.14

v1.4.15

v1.4.16

v1.4.17

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5.0

v1.5.1

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.6.0

v1.6.1

v1.6.10

v1.6.11

v1.6.12

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.7.1

v1.7.10

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.8.7

v1.9.0

v2.*

v2.0.0

v2.0.1