Privilege Escalation Vulnerability in AWS Wrappers for Amazon Aurora PostgreSQL
CVE-2025-12967

8.6HIGH

Key Information:

Vendor

Aws

Status
Jdbc Wrapper
Go Wrapper
Nodejs Wrapper
Python Wrapper
Vendor
CVE Published:
10 November 2025

What is CVE-2025-12967?

An identified issue in the AWS Wrappers for Amazon Aurora PostgreSQL may allow low-privilege authenticated users to escalate privileges to the rds_superuser role. This could be achieved by crafting a specific function that executes with the permissions of other Amazon Relational Database Service (RDS) users. The security of your data is crucial; it's recommended to upgrade to the specified versions of the affected wrappers immediately to mitigate this risk.

Affected Version(s)

ODBC driver 1.0.1

Go Wrapper 2025-10-17

JDBC Wrapper 2.6.5

References

https://aws.amazon.com/security/security-bulletins/AWS-20...
vendor-advisory
https://github.com/aws/aws-advanced-jdbc-wrapper/releases...
patch
https://github.com/aws/aws-advanced-go-wrapper/releases/t...
patch

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-12967 : Privilege Escalation Vulnerability in AWS Wrappers for Amazon Aurora PostgreSQL