PT-2025-46181 · Amazon Web Services · AWS NodeJS Wrapper +4

Published: 2025-11-10 · Updated: 2025-11-14

CVE-2025-12967

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

AWS JDBC Wrapper versions prior to 2.6.5
AWS Go Wrapper versions prior to 2025-10-17
AWS NodeJS Wrapper versions prior to 2.0.1
AWS Python Wrapper versions prior to 1.4.0
AWS PGSQL ODBC driver versions prior to 1.0.1

Description

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. An authenticated user with low privileges can create a crafted function that could be executed with the permissions of other Amazon Relational Database Service (RDS) users.

Recommendations

Upgrade AWS JDBC Wrapper to version 2.6.5.
Upgrade AWS Go Wrapper to version 2025-10-17.
Upgrade AWS NodeJS Wrapper to version 2.0.1.
Upgrade AWS Python Wrapper to version 1.4.0.
Upgrade AWS PGSQL ODBC driver to version 1.0.1.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-12967
GHSA-4JVF-WX3F-2X8Q
GHSA-7WQ2-32H4-9HC9
GHSA-7XW4-G7MM-R4HH
GHSA-8WJ8-CFXR-9374
GHSA-Q327-FGM8-7MXF

Affected Products

AWS Go Wrapper
AWS JDBC Wrapper
AWS NodeJS Wrapper
AWS PGSQL ODBC Driver
AWS Python Wrapper