CVE-2025-24788

Medium CVSS: 5.0

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

Vendor

Snowflake

Product

Snowflake Connector

CWE

CWE-276

Yayın Tarihi

2025-01-29 21:15:21

Güncelleme

2025-08-25 18:20:11

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-276 Snowflake Connector MEDIUM Snowflake 2025

Referanslar

https://github.com/snowflakedb/snowflake-connector-net/commit/89d91e8316ca213c5d184bcf469ed93977a5edf9 https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-2mqw-rq5m-8hc8

Benzer Kayıtlar

Medium

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.…

Medium

CVE-2026-3293

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner…

Low

CVE-2025-46329

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to…

Low

CVE-2025-46330

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat…

Low

CVE-2025-46326

snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerabl…

Low

CVE-2025-46327

gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-C…