Moderate severityNVD Advisory· Published Jan 29, 2025· Updated Jan 31, 2025
Snowflake Connector for .NET has weak temporary files permissions
CVE-2025-24788
Description
snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Snowflake.DataNuGet | >= 2.0.12, < 4.3.0 | 4.3.0 |
Affected products
2- Range: >= 2.0.12, < 4.3.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-2mqw-rq5m-8hc8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-24788ghsaADVISORY
- github.com/snowflakedb/snowflake-connector-net/commit/89d91e8316ca213c5d184bcf469ed93977a5edf9ghsax_refsource_MISCWEB
- github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-2mqw-rq5m-8hc8ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.