CVE-2025-24791

Name of the Vulnerable Software and Affected Versions snowflake-connector-nodejs versions 1.12.0 through 2.0.1

Description The issue concerns a vulnerability in the Snowflake NodeJS Driver where file permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This could occur when using EXTERNALBROWSER or USERNAME PASSWORD MFA authentication methods with temporary credential caching enabled on Linux. The vulnerability allows an attacker to plant an empty file in the cache folder, which the Driver would use to store temporary credentials instead of rejecting it due to overly broad permissions.

Recommendations For versions 1.12.0 through 2.0.1, upgrade to version 2.0.2 to fix the issue. As a temporary workaround, consider restricting access to the local cache directory to prevent attackers from planting malicious files. Avoid using the vulnerable authentication methods until the issue is resolved.