CVE-2025-24795

Name of the Vulnerable Software and Affected Versions Snowflake Connector for Python versions 2.3.7 through 3.13.0

Description The Snowflake Connector for Python stores temporary credentials locally in a world-readable file when temporary credential caching is enabled on Linux systems. This issue affects versions 2.3.7 through 3.13.0. The problem was fixed in version 3.13.1.

Recommendations For versions 2.3.7 through 3.13.0, upgrade to version 3.13.1 to resolve the issue. As a temporary workaround, consider disabling temporary credential caching until the patch is applied. Restrict access to the local file where temporary credentials are cached to minimize the risk of exploitation.