CVE-2025-24795
PUBLISHED
CVSS 4.4 MEDIUM
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
EPSS 0.14% · 34.0th percentile
Risk Scores
CVSS v3.1
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.14%
34.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| snowflake | snowflake_connector | 2.3.7 |
| snowflakedb | snowflake-connector-python | >= 2.3.7, < 3.13.1 |
| PyPI | snowflake-connector-python | 2.3.7 |
Timeline
- Jan 21, 1970 Security Advisory
- Jan 29, 2025 CVE Published
- Jan 29, 2025 PoC Published
- Jan 29, 2025 PoC Published
- Jan 30, 2025 EPSS Score
- Feb 14, 2025 EPSS Score
- Feb 22, 2025 Coalition ESS Score
- Mar 1, 2025 EPSS Score
- Mar 16, 2025 EPSS Score
- Mar 31, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
- Apr 30, 2025 EPSS Score
References
- https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-r2x6-cjg7-8r43
- https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af
- https://nvd.nist.gov/vuln/detail/CVE-2025-24795 (advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2025-28.yaml
- https://github.com/snowflakedb/snowflake-connector-python (package)
- https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v3.13.1