{"id":"CVE-2025-24795","summary":"The Snowflake Connector for Python uses insecure cache files permissions","details":"The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.","aliases":["GHSA-r2x6-cjg7-8r43","PYSEC-2025-28"],"modified":"2026-04-10T05:23:05.754413Z","published":"2025-01-29T20:30:18.062Z","related":["CGA-6pm4-px6g-rgpx"],"database_specific":{"cwe_ids":["CWE-276"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24795.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24795.json"},{"type":"ADVISORY","url":"https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-r2x6-cjg7-8r43"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24795"},{"type":"FIX","url":"https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/snowflakedb/snowflake-connector-python","events":[{"introduced":"3217bf945d623d4ebbb4dd49343a361f17b4fc8f"},{"fixed":"51bd4842f9e282e98706ca9736d169fd8f362663"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24795.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}