CVE-2025-12967

HIGH

AWS Wrappers for Amazon Aurora PostgreSQL - Privilege Escalation

Title source: llm

Description

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow privilege escalation to the rds_superuser role. A low-privilege authenticated user can create a crafted function that could be executed with the permissions of other Amazon Relational Database Service (RDS) users. We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1.

Scores

CVSS v3 8.0
EPSS 0.0023
EPSS Percentile 45.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-470
Status published
Products (6)
AWS/Go Wrapper 2025-10-17
AWS/JDBC Wrapper 2.6.5
AWS/NodeJS Wrapper 2.0.1
AWS/ODBC driver 1.0.1
AWS/Python Wrapper 1.4.0
pypi/aws_advanced_python_wrapper 0 - 1.4.0 (PyPI)
Published Nov 10, 2025
Tracked Since Feb 18, 2026