PT-2025-5575 · Snowflake · Snowflake Connector For Python
Sfc-Gh-Fochnik
·
Published
2025-01-29
·
Updated
2025-01-29
·
CVE-2025-24794
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Snowflake Connector for Python versions 2.7.12 through 3.13.0
Description
The OCSP response cache in the Snowflake Connector for Python uses
pickle as the serialization format, potentially leading to local privilege escalation. This issue can be exploited if an attacker has write access to the OCSP response cache file. The vulnerability was discovered and remediated by Snowflake.Recommendations
For versions 2.7.12 through 3.13.0, upgrade to version 3.13.1 to fix the issue. As a temporary workaround, consider restricting access to the OCSP response cache file to minimize the risk of exploitation.
Exploit
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snowflake Connector For Python