CVE-2025-12967_CVE-2025-12967

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.

We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1

AI Analysis

Privilege escalation vulnerability in AWS Wrappers for Amazon Aurora PostgreSQL, allowing low-privilege users to create crafted functions with elevated permissions

Basic Information

ID CVE-2025-12967

Source AMZN

Published Nov 10, 2025 at 18:09

Modified Nov 10, 2025 at 18:35

Affected Product

Vendor AWS

Product JDBC Wrapper

Version 2.6.5

Affected Versions AWS ODBC driver 1.0.1

CWE Classification

CWE-470

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Amazon Web Services (AWS)

Product AWS Wrappers for Amazon Aurora PostgreSQL

Version v2.6.5, 2025-10-17, v2.0.1, v1.4.0, v1.0.1

References

{
    "lastseen": "",
    "description": "An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.\n\nWe recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1",
    "published": "2025-11-10T18:09:10.157Z",
    "modified": "2025-11-10T18:35:15.219Z",
    "type": "cve",
    "title": "CVE-2025-12967",
    "source": "AMZN",
    "references": "https://aws.amazon.com/security/security-bulletins/AWS-2025-028/\nhttps://github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/2.6.5\nhttps://github.com/aws/aws-advanced-go-wrapper/releases/tag/release-2025-10-17\nhttps://github.com/aws/aws-advanced-python-wrapper/releases/tag/1.4.0\nhttps://github.com/aws/aws-pgsql-odbc/releases/tag/1.0.1\nhttps://github.com/aws/aws-advanced-nodejs-wrapper/releases/tag/2.0.1\nhttps://github.com/aws/aws-advanced-python-wrapper/security/advisories/GHSA-4jvf-wx3f-2x8q\nhttps://github.com/aws/aws-advanced-jdbc-wrapper/security/advisories/GHSA-7xw4-g7mm-r4hh\nhttps://github.com/aws/aws-pgsql-odbc/security/advisories/GHSA-q327-fgm8-7mxf\nhttps://github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-7wq2-32h4-9hc9\nhttps://github.com/aws/aws-advanced-nodejs-wrapper/security/advisories/GHSA-8wj8-cfxr-9374",
    "id": "CVE-2025-12967",
    "bulletinFamily": "",
    "cwe": [
        "CWE-470"
    ],
    "cvelist": null,
    "sourceData": "AWS ODBC driver 1.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JDBC Wrapper",
    "version": "2.6.5",
    "vendor": "AWS",
    "ai_description": "Privilege escalation vulnerability in AWS Wrappers for Amazon Aurora PostgreSQL, allowing low-privilege users to create crafted functions with elevated permissions",
    "ai_severity": "High",
    "ai_vendor": "Amazon Web Services (AWS)",
    "ai_product": "AWS Wrappers for Amazon Aurora PostgreSQL",
    "ai_version": "v2.6.5, 2025-10-17, v2.0.1, v1.4.0, v1.0.1",
    "ai_score": 8.6
}