CVE-2025-24795

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jan 29, 2025

CWE ID 276

Summary

CVE-2025-24795 is a vulnerability affecting the Snowflake Connector for Python, versions 2.3.7 to 3.13.0. This connector is used to develop applications that can connect to Snowflake and perform standard operations. The issue lies in the temporary credential caching functionality on Linux systems, where these credentials are stored in a world-readable file. This vulnerability potentially exposes sensitive information and could lead to unauthorized access. Snowflake addressed the issue in version 3.13.1, and it is essential to upgrade as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2usOn6
https://www.cve.org/CVERecord?id=CVE-2025-24795
https://nvd.nist.gov/vuln/detail/CVE-2025-24795

Back to Vulnerability Database

CVE-2025-24795

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations