CVE-2025-24788

CVSS 3.1 Score 5 of 10 (medium)

Details

Published Jan 29, 2025

CWE ID 276

Summary

CVE-2025-24788 is a vulnerability affecting the Snowflake Connector for .NET, identified as snowflake-connector-net. This issue stems from files downloaded from Snowflake stages being temporarily stored in a world-readable local directory, which can be accessed by unauthorized users on the same machine, leading to potential data exposure. The vulnerability impacts versions 2.0.12 to 4.2.0 on Linux and macOS. Snowflake addressed this security concern with the release of version 4.3.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2urGWE
https://www.cve.org/CVERecord?id=CVE-2025-24788
https://nvd.nist.gov/vuln/detail/CVE-2025-24788

Back to Vulnerability Database

CVE-2025-24788

CVSS 3.1 Score 5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations