CVE-2025-24788

Name of the Vulnerable Software and Affected Versions snowflake-connector-net versions 2.0.12 through 4.2.0

Description The issue arises when files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This occurs because the files in the temporary directory have world-readable permissions on Linux and macOS. The estimated number of potentially affected devices is not specified.

Recommendations For versions 2.0.12 through 4.2.0, upgrade to version 4.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory used by the Snowflake Connector for .NET to minimize the risk of exploitation.