CVE-2025-12967

Summary

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.

We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1

Affected Software

VendorProductVersion RangeStatus
AWSJDBC Wrapper2.6.5unaffected
AWSGo Wrapper2025-10-17unaffected
AWSNodeJS Wrapper2.0.1unaffected
AWSPython Wrapper1.4.0unaffected
AWSODBC driver1.0.1affected

Weaknesses

  • CWE-470: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References