CVE-2025-24791 MEDIUM

CVE-2025-24791: snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions

Vendor Snowflakedb

Product snowflake-connector-nodejs

Weakness CWE-281

Published January 29, 2025

Last update January 29, 2025

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

Description

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.

Key dates

Disclosure timeline

January 29, 2025 CVE published

January 29, 2025 Record updated

Identifiers

CVE CVE-2025-24791

CWE CWE-281

CVSS 4.4 / MEDIUM

Affected versions

Vendor Snowflakedb

Product snowflake-connector-nodejs

Affected >= 1.12.0, < 2.0.2