CVE-2025-24790

{"id": "CVE-2025-24790", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-29T18:15:47.207", "references": [{"url": "https://github.com/snowflakedb/snowflake-jdbc/commit/9e1a5acf12406b16c4780ca013f4c4db48b74b59", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-33g6-495w-v8j2", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0."}, {"lang": "es", "value": "Snowflake JDBC proporciona un controlador JDBC tipo 4 que admite funciones b\u00e1sicas, lo que permite que los programas Java se conecten a Snowflake. Snowflake descubri\u00f3 y solucion\u00f3 una vulnerabilidad en el controlador JDBC de Snowflake. En los sistemas Linux, cuando se habilita el almacenamiento en cach\u00e9 de credenciales temporales, el controlador JDBC de Snowflake almacenar\u00e1 en cach\u00e9 las credenciales temporales de forma local en un archivo legible para todo el mundo. Esta vulnerabilidad afecta a las versiones 3.6.8 a 3.21.0. Snowflake solucion\u00f3 el problema en la versi\u00f3n 3.22.0."}], "lastModified": "2025-08-25T18:23:45.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snowflake:snowflake_jdbc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE64940D-8D54-418D-B3A4-95D6C142678B", "versionEndExcluding": "3.22.0", "versionStartIncluding": "3.6.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}