CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-12967

lowcovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: AWS-2025-028 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/10 10:15 AM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2025-12967, an issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS JDBC Wrapper <2.6.5 - AWS Go Wrapper <2025-10-17 - AWS NodeJS Wrapper <2.0.1 - AWS Python Wrapper <1.4.0 - AWS ODBC driver <1.0.1

CSIRTS triage

vendor: Amazonproduct: Aurora PostgreSQLPrivilege escalationaffected: AWS JDBC Wrapper <2.6.5, AWS Go Wrapper <2025-10-17, AWS NodeJS Wrapper <2.0.1, AWS Python Wrapper <1.4.0, AWS ODBC driver <1.0.1
What
An issue may allow for privilege escalation to the rds_superuser role.
Who is affected
Low privilege authenticated users of the specified AWS wrappers.
Urgency
Remediation is important due to the potential for privilege escalation.
Action
Upgrade to versions equal to or greater than the specified thresholds.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-12967

Get an email if CVE-2025-12967 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-12967

CVE.org record

Embed the live status

CVE-2025-12967 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-12967 status](https://www.csirts.com/badge/CVE-2025-12967)](https://www.csirts.com/cve/CVE-2025-12967)