CVE-2025-24794 MEDIUM

CVE-2025-24794: The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache

Vendor Snowflakedb

Product snowflake-connector-python

Weakness CWE-502 · Unsafe deserialization

Published January 29, 2025

Last update January 31, 2025

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

Key dates

Disclosure timeline

January 29, 2025 CVE published

January 31, 2025 Record updated

Identifiers

CVE CVE-2025-24794

CWE CWE-502

CVSS 6.7 / MEDIUM

Affected versions

Vendor Snowflakedb

Product snowflake-connector-python

Affected >= 2.7.12, < 3.13.1