Vulnerability DatabaseCVE-2025-12967
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-12967
November 10, 2025
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1
Affected Packages
https://github.com/aws/aws-advanced-go-wrapper.git (GITHUB):
Affected version(s) >=awssql/v1.0.0 <awssql/v1.1.1
Fix Suggestion:
Update to version awssql/v1.1.1
https://github.com/aws/aws-pgsql-odbc.git (GITHUB):
Affected version(s) =1.0.0 <1.0.1
Fix Suggestion:
Update to version 1.0.1
https://github.com/aws/aws-advanced-nodejs-wrapper.git (GITHUB):
Affected version(s) >=1.0.0 <2.0.1
Fix Suggestion:
Update to version 2.0.1
https://github.com/aws/aws-advanced-jdbc-wrapper.git (GITHUB):
Affected version(s) >=0.1.0 <2.6.5
Fix Suggestion:
Update to version 2.6.5
https://github.com/aws/aws-advanced-python-wrapper.git (GITHUB):
Affected version(s) >=1.0.0 <1.4.0
Fix Suggestion:
Update to version 1.4.0
github.com/aws/aws-advanced-go-wrapper (GO):
Affected version(s) >=v0.0.0-20250730171410-a7fe13ad660f <v0.0.0-20251017102223-8a8ba4036f43
Fix Suggestion:
Update to version v0.0.0-20251017102223-8a8ba4036f43
software.amazon.jdbc:aws-advanced-jdbc-wrapper (JAVA):
Affected version(s) >=1.0.0 <2.6.5
Fix Suggestion:
Update to version 2.6.5
aws-advanced-nodejs-wrapper (NPM):
Affected version(s) >=1.0.0 <2.0.1
Fix Suggestion:
Update to version 2.0.1
aws_advanced_python_wrapper (PYTHON):
Affected version(s) >=1.0.0 <1.4.0
Fix Suggestion:
Update to version 1.4.0
aws-advanced-python-wrapper (PYTHON):
Affected version(s) >=1.0.0 <1.4.0
Fix Suggestion:
Update to version 1.4.0
Related ResourcesĀ (15)
https://aws.amazon.com/security/security-bulletins/AWS-2025-028/
https://aws.amazon.com/security/security-bulletins/AWS-2025-028
https://nvd.nist.gov/vuln/detail/CVE-2025-12967
https://github.com/aws/aws-advanced-python-wrapper/pull/1007
https://github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/2.6.5
https://github.com/aws/aws-pgsql-odbc/releases/tag/1.0.1
https://github.com/aws/aws-advanced-nodejs-wrapper/security/advisories/GHSA-8wj8-cfxr-9374
https://github.com/aws/aws-advanced-jdbc-wrapper/security/advisories/GHSA-7xw4-g7mm-r4hh
https://github.com/aws/aws-pgsql-odbc/security/advisories/GHSA-q327-fgm8-7mxf
https://github.com/aws/aws-advanced-python-wrapper
https://github.com/aws/aws-advanced-nodejs-wrapper/releases/tag/2.0.1
https://github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-7wq2-32h4-9hc9
https://github.com/aws/aws-advanced-go-wrapper/releases/tag/release-2025-10-17
https://github.com/aws/aws-advanced-python-wrapper/security/advisories/GHSA-4jvf-wx3f-2x8q
https://github.com/aws/aws-advanced-python-wrapper/releases/tag/1.4.0
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE-470
EPSS
Base Score:
0.18