Skip to content

Summit 26 from June 1-4 in San Francisco

Lead your organization in the era of agents and enterprise intelligence.

register now
security hub
overview
security bulletins
compliance center
trust center
All bulletins

Snowflake Connector for Python OCSP Cache Deserialization Privilege Escalation

Publication date: 2025-01-29

CVE ID

  • CVE-2025-24794 - The OCSP response cache uses pickle serialization, potentially leading to local privilege escalation.

CWE ID

  • CWE-502 (Deserialization of Untrusted Data)

CPEs

  • cpe:2.3:a:snowflake:snowflake_connector:*:*:*:*:*:python:*:* (versions >= 2.7.12, < 3.13.1)

Affected versions

  • 2.7.12 through 3.13.0

Patched versions:

  • 3.13.1

Description

  • The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

Resolution

  • Upgrade to Snowflake Connector for Python version 3.13.1 or later.

Where Data Does More

  • 30-day free trial
  • No credit card required
  • Cancel anytime 
start for free
watch a demo