CVE-2025-24790

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jan 29, 2025

CWE ID 276

Summary

CVE-2025-24790 is a vulnerability affecting the Snowflake JDBC Driver, specifically versions 3.6.8 through 3.21.0. On Linux systems where temporary credential caching is enabled, the driver caches temporary credentials locally in a world-readable file, leaving them susceptible to unauthorized access. Snowflake identified and resolved this issue in version 3.22.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Snowflake JDBC

Affected Vendors

Snowflake

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2urTuF
https://www.cve.org/CVERecord?id=CVE-2025-24790
https://nvd.nist.gov/vuln/detail/CVE-2025-24790

Back to Vulnerability Database