5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24788

GHSA ID

GHSA-2mqw-rq5m-8hc8

EPSS Score

0.03883%

CWE

CWE-276

Published

1/29/2025

Updated

1/29/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24788

CVE-2025-24788: Snowflake.Data has weak temporary files permissions

Issue

Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine.

This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

Vulnerability Details

When downloading files from stages, the Snowflake Connector for .NET uses the OS temporary directory to save files before copying them to the destination directory. The files in the temporary directory, which are removed once the write to the destination directory concludes, have world-readable permissions on Linux and macOS. This could allow any user on the local machine to access them during their limited lifetime.

Solution

Snowflake released version 4.3.0 of the Snowflake Connector for .NET, which fixes this issue. We recommend users upgrade to version 4.3.0.

Additional Information

If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

(GitHub Advisory)

5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24788

GHSA ID

GHSA-2mqw-rq5m-8hc8

EPSS Score

0.03883%

CWE

CWE-276

Published

1/29/2025

Updated

1/29/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Snowflake.Data	nuget	>= 2.0.12, <= 4.2.0	4.3.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from using default file creation methods (File.WriteAllText, File.Create, etc.) that inherited OS temporary directory permissions. The commit shows replacements with FileOperations.Instance.Create which adds Unix permission checks and restricts access. Key indicators include: 1) Test files modified to use secure writes, 2) Azure/S3 client downloads wrapped in permission-aware streams, 3) New FileOperations class enforcing 600-style permissions. Functions using raw file system access without permission controls in affected versions were vulnerable.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Issu* Snow*l*k* *is*ov*r** *n* r*m**i*t** * vuln*r**ility in t** Snow*l*k* *onn**tor *or .N*T in w*i** *il*s *ownlo**** *rom st***s *r* t*mpor*rily pl**** in * worl*-r*****l* lo**l *ir**tory, m*kin* t**m ****ssi*l* to un*ut*oriz** us*rs on t** s*

Reasoning

T** vuln*r**ility st*mm** *rom usin* ****ult *il* *r**tion m*t*o*s (*il*.Writ**llT*xt, *il*.*r**t*, *t*.) t**t in**rit** OS t*mpor*ry *ir**tory p*rmissions. T** *ommit s*ows r*pl***m*nts wit* *il*Op*r*tions.Inst*n**.*r**t* w*i** ***s Unix p*rmission

5

Basic Information

Concerned about an active attack path?

CVE-2025-24788: Snowflake.Data has weak temporary files permissions

Issue

Vulnerability Details

Solution

Additional Information

5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI