How severe is CVE-2025-24790?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2025-24790?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2025-24790 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0.

Related Vulnerabilities

CVE-2020-26807

MEDIUM

CVSS:4.4(Medium)

SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder.

CWE-2762020

CVE-2020-29503

MEDIUM

CVSS:4.4(Medium)

Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information d...

CWE-2762020

CVE-2020-36605

MEDIUM

CVSS:4.4(Medium)

Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi O...

CWE-2762020

CVE-2021-0093

MEDIUM

CVSS:4.4(Medium)

Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

CWE-2762021

CVE-2021-36781

MEDIUM

CVSS:4.4(Medium)

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This iss...

CWE-2762021

CVE-2022-36367

MEDIUM

CVSS:4.4(Medium)

Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access.

CWE-2762022