CVE-2025-24789
Published: 29 January 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-24789 is a privilege escalation vulnerability in the Snowflake JDBC Driver, a type 4 driver enabling Java programs to connect to Snowflake data warehouses. The issue arises when the EXTERNALBROWSER authentication method is used on Windows systems, allowing an attacker with write access to a directory in the system's %PATH% environment variable to execute arbitrary code as the user running the vulnerable driver. This untrusted search path flaw, classified under CWE-426, affects versions 3.2.3 through 3.21.0 exclusively on Windows platforms, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker requires low privileges (PR:L) and write access to any directory listed in the %PATH% to exploit this vulnerability. By placing a malicious executable in that path, the attacker can hijack the driver's execution flow during authentication, leading to full compromise of the affected user's context, including high confidentiality, integrity, and availability impacts.
Snowflake remediated the vulnerability in version 3.22.0 of the JDBC Driver. Security practitioners should immediately upgrade to this patched version. Additional details are available in the GitHub security advisory (GHSA-7hpq-3g6w-pvhf) and the fixing commit (4f01bb8f9b708c71e7a2111c87371dbfc1d53dd6).
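A triage sketch for the two conditions described above, added here as an example and not taken from Snowflake's advisory or code: it flags driver jars whose version falls in the affected range and reports search-path directories the current account can write to. The jar file-name pattern and all function names are assumptions; run it as the low-privileged account being assessed.

```python
import os
import re
import tempfile

# Affected range stated in the advisory: 3.2.3 through 3.21.0 (fixed in 3.22.0).
FIRST_AFFECTED = (3, 2, 3)
LAST_AFFECTED = (3, 21, 0)
# Assumed jar naming: snowflake-jdbc-<major>.<minor>.<patch>.jar
JAR_RE = re.compile(r"snowflake-jdbc-(\d+)\.(\d+)\.(\d+)\.jar$", re.IGNORECASE)


def jar_is_affected(jar_path):
    """True/False for a recognised driver jar, None if the name does not match."""
    m = JAR_RE.search(os.path.basename(jar_path))
    if m is None:
        return None
    version = tuple(int(part) for part in m.groups())
    # Compare as integer tuples: as strings, "3.21.0" would sort before "3.3.0".
    return FIRST_AFFECTED <= version <= LAST_AFFECTED


def can_write(directory):
    """Probe write access for the current account by creating a temp file."""
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False


def audit_path(path_value, sep=os.pathsep):
    """Classify each search-path entry as 'writable', 'missing' or 'ok'."""
    findings = {}
    for entry in path_value.split(sep):
        entry = entry.strip().strip('"')
        if not entry:
            continue
        if not os.path.isdir(entry):
            findings[entry] = "missing"
        elif can_write(entry):
            findings[entry] = "writable"
        else:
            findings[entry] = "ok"
    return findings


if __name__ == "__main__":
    for entry, status in audit_path(os.environ.get("PATH", "")).items():
        if status != "ok":
            print(f"{status:8} {entry}")
```

Any entry reported as `writable` or `missing` for a non-administrative account is worth reviewing on hosts that still run a driver version for which `jar_is_affected` returns `True`.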
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The untrusted search path flaw (CWE-426) on Windows allows an attacker to place a malicious executable in a %PATH% directory and hijack the driver's execution during EXTERNALBROWSER authentication. This directly enables T1574.008 (Path Interception by Search Order Hijacking) for local privilege escalation (T1068).