CVE-2025-24794
Local Privilege Escalation vulnerability in snowflake-connector-python (PyPI)
What is CVE-2025-24794 About?
The Snowflake Connector for Python improperly uses the `pickle` serialization format for its OCSP response cache, creating a local privilege escalation vulnerability. An attacker can exploit this by injecting malicious serialized objects into the cache. This is a moderately complex local attack.
Affected Software
- snowflake-connector-python
  - <3769b43822357c3874c40f5e74068458c2dc79af
  - >2.7.12, <3.13.1
Technical Details
The Snowflake Connector for Python versions 2.7.12 through 3.13.0 are vulnerable due to their use of Python's pickle module for serializing OCSP response cache data. The pickle module is known to be insecure against maliciously constructed data, as it can execute arbitrary code during deserialization. An attacker with local access to the system where the Snowflake Connector is used could inject a specially crafted, serialized Python object into the OCSP response cache. When the connector later attempts to deserialize this cached data, the malicious object would trigger arbitrary code execution, potentially leading to local privilege escalation or other unauthorized actions within the context of the user running the Python application.
What is the Impact of CVE-2025-24794?
Successful exploitation may allow attackers to execute arbitrary code with elevated privileges, leading to local privilege escalation or unauthorized access to system resources.
What is the Exploitability of CVE-2025-24794?
This vulnerability requires local access to the system where the Snowflake Connector for Python is installed and operating. Exploitation complexity is moderate, as it involves crafting a malicious pickle payload and injecting it into the OCSP response cache. No remote access is directly implied; an attacker must have a foothold on the target system. There are no authentication requirements for the exploit itself, but the initial local access might require some form of authentication. No specific elevated privileges are needed to inject into the cache, but the impact of privilege escalation depends on the privileges of the process that later deserializes the malicious data. The key prerequisite is local access and the ability to write to the cache location.
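An added example, not code from the advisory or from the Snowflake project: a static audit of a pickle-format cache file that checks the two conditions described above (another user able to write to the cache location, and serialized content that would import code when loaded) without ever deserializing the file. The cache path and the `allowed` import allowlist are assumptions supplied by the caller, and the ownership check is POSIX-only.

```python
import os
import pickletools
import stat

NOOP = {"PROTO", "FRAME"}                  # no effect on stack or memo
MEMO_PUT = {"PUT", "BINPUT", "LONG_BINPUT"}
MEMO_GET = {"GET", "BINGET", "LONG_BINGET"}

def pickle_imports(data: bytes) -> set:
    """Return the (module, name) pairs a pickle stream would import.

    Opcodes are walked with pickletools.genops, so nothing is deserialized.
    A name that cannot be resolved statically is reported as ("?", "?").
    """
    found, memo, recent, last = set(), {}, [], None
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in NOOP:
            continue
        if name == "MEMOIZE" or name in MEMO_PUT:
            memo[len(memo) if name == "MEMOIZE" else arg] = last
            continue
        last = None                         # only string pushes are tracked
        if name in ("GLOBAL", "INST"):      # protocols 0-3: "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif name == "STACK_GLOBAL":        # protocol 4+: names come off the stack
            pair = recent[-2:]
            ok = len(pair) == 2 and None not in pair
            found.add(tuple(pair) if ok else ("?", "?"))
        elif name in MEMO_GET:
            last = memo.get(arg)
        elif "UNICODE" in name or "STRING" in name:
            last = arg
        recent.append(last)
    return found

def audit_cache_file(path: str, allowed: set) -> list:
    """Report write exposure and imports outside `allowed` (caller-supplied)."""
    findings = []
    for p in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(p)                     # POSIX ownership and mode bits
        if st.st_uid != os.getuid() or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"owned or writable by another user: {p}")
    try:
        with open(path, "rb") as fh:
            extra = pickle_imports(fh.read()) - set(allowed)
        findings += [f"unexpected import: {m}.{n}" for m, n in sorted(extra)]
    except Exception as exc:                # genops rejects non-pickle data
        findings.append(f"not a parseable pickle stream: {exc}")
    return findings
```

An empty result means the file and its directory are writable only by the current user and every import in the stream is on the allowlist; unresolved names are never on an allowlist, so they are always reported.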
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2025-24794?
Available Upgrade Options
- snowflake-connector-python
  - <3769b43822357c3874c40f5e74068458c2dc79af → Upgrade to 3769b43822357c3874c40f5e74068458c2dc79af
  - >2.7.12, <3.13.1 → Upgrade to 3.13.1
Additional Resources
- https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af
- https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-m4f6-vcj4-w5mx
- https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2025-27.yaml
- https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v3.13.1
- https://nvd.nist.gov/vuln/detail/CVE-2025-24794
- https://osv.dev/vulnerability/PYSEC-2025-27
What are Similar Vulnerabilities to CVE-2025-24794?
Similar Vulnerabilities: CVE-2023-45133, CVE-2023-38827, CVE-2022-24348, CVE-2021-36652, CVE-2020-9401
