CVE-2025-24788

Published Jan 29, 2025

Last updated 24 days ago

CVSS medium 5.0

Overview

Description
snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5
Impact score
3.6
Exploitability score
1.3
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-276

Social media

Hype score
Not currently trending

  1. CVE-2025-24788 snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files do… https://t.co/0n64uM9ZvS

    @CVEnew

    29 Jan 2025

    368 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References