CVE-2025-24794

MEDIUM Year: 2025
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-502
View all →

Vulnerability Description

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

Related Vulnerabilities

CVE-2021-34394

MEDIUM
CVSS:6.7(Medium)

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to...

CWE-5022021

CVE-2021-4178

MEDIUM
CVSS:6.7(Medium)

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privile...

CWE-5022021

CVE-2023-21209

MEDIUM
CVSS:6.7(Medium)

In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. ...

CWE-5022023

CVE-2013-7489

MEDIUM
CVSS:6.8(Medium)

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.

CWE-5022013

CVE-2023-38177

MEDIUM
CVSS:6.8(Medium)

Microsoft SharePoint Server Remote Code Execution Vulnerability

CWE-5022023

CVE-2024-0140

MEDIUM
CVSS:6.8(Medium)

NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, da...

CWE-5022024