CVE ID
- CVE-2025-24795 - On Linux, when temporary credential caching is enabled, the Python Connector caches credentials in a world-readable file.
CWE ID
- CWE-276 (Incorrect Default Permissions)
CPEs
- cpe:2.3:a:snowflake:snowflake_connector:*:*:*:*:*:python:*:* (versions >= 2.3.7, < 3.13.1)
Affected versions
- 2.3.7 through 3.13.0
Patched versions:
- 3.13.1
Description
- The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Resolution
- Upgrade to Snowflake Connector for Python version 3.13.1 or later.
