cvedb.io
CVE-2025-24789
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-01-29T18:15:47.030 · Last modified 2026-06-17T08:59:36.757

Summary

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0.

Affected products

snowflake — snowflake_jdbc

Does this affect you?

Add your gear to cvedb and we'll alert you only when snowflake ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.