PT-2025-5570 · Snowflake · Snowflake JDBC Driver

Published: 2025-01-29 · Updated: 2025-01-29 · CVE-2025-24789

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Snowflake JDBC Driver versions 3.2.3 through 3.21.0
Description: The issue allows an attacker with write access to a directory on the %PATH% to escalate their privileges to the user that runs the vulnerable JDBC Driver version when the EXTERNALBROWSER authentication method is used on Windows. This is possible because the Snowflake JDBC Driver tries to open the SSO URL using xdg-open, a Linux program that does not exist in a default Windows installation. Because the name is not found, Windows searches each directory on the %PATH% for an executable with that name, which allows a sufficiently privileged attacker to place a malicious executable in one of the %PATH% directories and achieve local privilege escalation.
Recommendations: For Snowflake JDBC Driver versions 3.2.3 through 3.21.0, upgrade to version 3.22.0 to fix the issue. As a temporary workaround, restrict write access to the %PATH% directories of the account that runs the driver to minimize the risk of exploitation, and avoid using the EXTERNALBROWSER authentication method until the driver is upgraded.
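The interim workaround above depends on knowing which %PATH% directories a low-privileged local user can write to. The following PowerShell audit is an added example, not code from the advisory, Positive Technologies or Snowflake: it walks the %PATH% of the current process, reports every directory whose ACL grants file-creation rights to a broad principal, and reports whether an xdg-open executable is already resolvable on the search path (something a default Windows installation would not have). The list of principals treated as "broad" is an assumption and should be extended with site-specific groups.

```powershell
# Added example (not from the advisory, Snowflake or Positive Technologies):
# audit %PATH% directories for write access by low-privileged principals and
# check whether xdg-open already resolves on this host. Run it under the
# account that will execute the JDBC driver, because %PATH% is per-process.

# Assumed set of principals that a local, low-privileged user is normally a member of.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights on a directory is enough to drop a new file into it.
$Rights    = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::CreateFiles -bor $Rights::Write -bor $Rights::Modify -bor $Rights::FullControl)

function Get-PathDirAudit {
    # Returns one object per finding: WRITABLE (broad principal can create files),
    # MISSING (entry does not exist; its parent directory deserves the same review),
    # or ACL-UNREADABLE (could not read the ACL from this context).
    param([string]$PathString = $env:PATH)

    $dirs = $PathString -split ';' |
            ForEach-Object { $_.Trim().TrimEnd('\') } |
            Where-Object { $_ -ne '' } |
            Select-Object -Unique

    $position = 0
    foreach ($dir in $dirs) {
        $position++   # search order: earlier entries are consulted first

        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            [pscustomobject]@{ Order = $position; Directory = $dir; Finding = 'MISSING'; Principal = ''; Rights = '' }
            continue
        }

        try {
            $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Order = $position; Directory = $dir; Finding = 'ACL-UNREADABLE'; Principal = ''; Rights = '' }
            continue
        }

        foreach ($ace in $acl.Access) {
            # Only Allow entries for the audited principals matter; Deny entries are skipped.
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            $who = $ace.IdentityReference.Value
            if ($BroadPrincipals -notcontains $who) { continue }
            if ((([int]$ace.FileSystemRights) -band $WriteMask) -eq 0) { continue }

            [pscustomobject]@{
                Order     = $position
                Directory = $dir
                Finding   = 'WRITABLE'
                Principal = $who
                Rights    = $ace.FileSystemRights.ToString()
            }
        }
    }
}

function Find-XdgOpenOnPath {
    # Get-Command resolves application names through %PATH% and %PATHEXT%;
    # -All returns every match, not just the first one that would win.
    Get-Command -Name 'xdg-open' -CommandType Application -All -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Path }
}

$audit = @(Get-PathDirAudit)
if ($audit.Count -gt 0) {
    $audit | Sort-Object Order | Format-Table -AutoSize
} else {
    'No %PATH% directory grants file-creation rights to the audited principals.'
}

$found = @(Find-XdgOpenOnPath)
if ($found.Count -gt 0) {
    "xdg-open already resolves on this host (not present on a default Windows install): $($found -join ', ')"
}
```

Because xdg-open is absent by default, every WRITABLE finding is relevant regardless of position: the Order column only tells you which directory would be consulted first. MISSING entries are worth the same review of their parent directory, since an entry that does not exist yet can be created by whoever can write to its parent. The audit supports the interim workaround only; upgrading the driver to 3.22.0 remains the actual fix.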

Exploit · Fix · LPE · Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2025-24789
GHSA-7HPQ-3G6W-PVHF

Affected Products

Snowflake JDBC Driver