CVE-2025-24791

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jan 29, 2025

CWE ID 281

Summary

CVE-2025-24791 is a vulnerability affecting the Snowflake NodeJS Driver (snowflake-connector-nodejs). This NodeJS driver, used for connecting to Snowflake, was found to have an issue with file permissions checks in its temporary credential cache. An attacker with write access to the local cache directory could bypass these checks, potentially gaining unauthorized access to Snowflake accounts. This vulnerability impacts versions 1.12.0 through 2.0.1 on Linux systems. Snowflake addressed this issue in version 2.0.2 by implementing more robust file permissions checks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2urGWR
https://www.cve.org/CVERecord?id=CVE-2025-24791
https://nvd.nist.gov/vuln/detail/CVE-2025-24791

Back to Vulnerability Database

CVE-2025-24791

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations