CVE-2025-24791

4.4 MEDIUM

📋 TL;DR

The snowflake-connector-nodejs driver has a vulnerability in which the file permission checks on the temporary credential cache can be bypassed. An attacker with write access to the local cache directory could potentially manipulate cached credentials. This affects Linux users running versions 1.12.0 through 2.0.1 of the Snowflake NodeJS driver.

💻 Affected Systems

Products:
  • snowflake-connector-nodejs
Versions: 1.12.0 through 2.0.1
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Linux systems. Windows and macOS are not vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local write access could manipulate cached credentials to gain unauthorized access to Snowflake data or perform actions as the compromised user.

🟠

Likely Case

Local privilege escalation or credential theft if an attacker already has some level of access to the system.

🟢

If Mitigated

Limited impact if proper file permissions and access controls are enforced on cache directories.

🌐 Internet-Facing: LOW - This is a local file system vulnerability requiring write access to cache directory.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts with local access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local write access to cache directory. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.2

Vendor Advisory: https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-xfhv-wqj6-rx99

Restart Required: No

Instructions:

1. Update snowflake-connector-nodejs to version 2.0.2 or later using npm: npm update snowflake-sdk
2. Verify the update was successful by checking the package version.

🔧 Temporary Workarounds

Restrict cache directory permissions

linux

Set strict file permissions on the Snowflake credential cache directory to prevent unauthorized write access.

chmod 700 ~/.snowflake
# Use the user's real primary group; it is not always named after the user.
chown -R "$(id -un):$(id -gn)" ~/.snowflake
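
To confirm the workaround took effect, the following added example (not from the vendor advisory or the driver project) audits a cache directory for entries that grant any group/other permission or are owned by another user. It assumes GNU find and stat on Linux; the function name audit_cache_dir is hypothetical, and the path to audit is passed as an argument, for example the ~/.snowflake directory this page names.

```sh
#!/bin/sh
# Added example: audit a credential cache directory on Linux.
# Assumes GNU find/stat. audit_cache_dir is a hypothetical helper name.

# audit_cache_dir DIR
# Returns 0 if DIR and everything under it is owned by the current user
# and grants nothing to group/other, 1 on findings, 2 if DIR is missing.
audit_cache_dir() {
    dir=$1
    me=$(id -u)
    findings=0
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }

    # A symlinked cache directory means whoever controls the link
    # decides which files the driver actually reads.
    if [ -L "$dir" ]; then
        echo "FINDING symlink: $dir"
        findings=1
    fi

    # -perm /077 matches any group/other permission bit (GNU find).
    # ! -user matches entries owned by someone else.
    # Symlinks are skipped because their own mode is always 777.
    list=$(find "$dir" \( -perm /077 -o ! -user "$me" \) ! -type l \
               -exec stat -c 'FINDING mode=%a owner=%U %n' {} +)
    if [ -n "$list" ]; then
        printf '%s\n' "$list"
        findings=1
    fi
    return "$findings"
}

# Stand-alone use: sh audit.sh ~/.snowflake
if [ "$#" -gt 0 ]; then
    audit_cache_dir "$1"
fi
```

A non-zero exit status makes the script usable as a scheduled check or a deployment gate.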

Disable credential caching

all

Configure the Snowflake connector to not cache credentials locally.

Set connection parameter 'cacheCredentials' to false in your Snowflake connection configuration

🧯 If You Can't Patch

  • Implement strict file permissions on the ~/.snowflake directory (chmod 700)
  • Monitor for unauthorized access to the cache directory and review access controls

🔍 How to Verify

Check if Vulnerable:

Check the installed version of snowflake-sdk: npm list snowflake-sdk

Check Version:

npm list snowflake-sdk | grep snowflake-sdk

Verify Fix Applied:

Verify the installed version is 2.0.2 or higher: npm list snowflake-sdk | grep snowflake-sdk

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to ~/.snowflake directory
  • Unexpected modifications to credential cache files

Network Indicators:

  • Unusual Snowflake API calls from unexpected locations or users

SIEM Query:

source="linux_audit" AND path="/home/*/.snowflake/*" AND (action="write" OR action="modify") AND user!=expected_user
