Privilege Escalation in Aurora PostgreSQL using AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, AWS PGSQL ODBC driver
Briefly

"Bulletin ID: AWS-2025-028
AWS Content Type: Important (requires attention)
Publication Date: 2025/11/10 10:15 AM PDT
Description: Amazon Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2025-12967, an issue in AWS Wrappers for Amazon Aurora PostgreSQL that may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with the permissions of other Amazon Relational Database Service (RDS) users."

"Impacted versions: AWS JDBC Wrapper <2.6.5, AWS Go Wrapper <2025-10-17, AWS NodeJS Wrapper <2.0.1, AWS Python Wrapper <1.4.0, AWS ODBC driver <1.0.1
Resolution: We recommend customers upgrade to the following versions:
Workarounds: Remove the public schema from the search path.
References: Please email aws-security@amazon.com with any security questions or concerns."
CVE-2025-12967 affects AWS Wrappers for Amazon Aurora PostgreSQL and may permit privilege escalation to the rds_superuser role. A low-privilege authenticated user can create a crafted function that executes with the permissions of other Amazon Relational Database Service (RDS) users. Impacted releases include AWS JDBC Wrapper <2.6.5, AWS Go Wrapper <2025-10-17, AWS NodeJS Wrapper <2.0.1, AWS Python Wrapper <1.4.0, and AWS ODBC driver <1.0.1. The recommended remediation is to upgrade affected wrappers to patched versions. A temporary mitigation is to remove the public schema from the search_path. For security questions contact aws-security@amazon.com.
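The search_path workaround described above, as an added example that is not part of the AWS bulletin or of the wrappers' own code: it audits which roles already carry a search_path override, shows the default setting that keeps the public schema in the resolution path, and then pins an application role and database to a dedicated schema so unqualified object names (including function names) are no longer resolved through public. The role name app_user, the database name appdb and the schema name app are assumed placeholders.

```sql
-- Added example (not from the AWS bulletin). Placeholders: app_user, appdb, app.

-- 1. Inspect the effective search_path of the current session.
--    The PostgreSQL default is "$user", public, so any unqualified name that is
--    not found in a schema named after the current user falls through to public.
SHOW search_path;

-- 2. Audit role-level overrides already present on the cluster.
--    rolconfig holds per-role SET values as text entries such as 'search_path=app'.
SELECT rolname, unnest(rolconfig) AS setting
FROM pg_roles
WHERE rolconfig IS NOT NULL
ORDER BY rolname;

-- 3. Weak configuration (equivalent to the default): public stays in the path.
--    Shown for contrast only; do not apply.
-- ALTER ROLE app_user SET search_path = "$user", public;

-- 4. Hardened configuration: drop public from the path for the application role
--    and for the database, so new sessions never resolve names through public.
CREATE SCHEMA IF NOT EXISTS app;
ALTER ROLE app_user SET search_path = app;
ALTER DATABASE appdb SET search_path = app;

-- 5. Verify from a fresh session as app_user (role/database settings apply at login).
--    Expected: search_path reports app only.
SET ROLE app_user;
SHOW search_path;
RESET ROLE;
```

Apply the role-level setting to every account that connects through one of the affected wrappers; a session-level SET search_path issued by the client does not protect connections the wrapper opens on the application's behalf, which is why the override is placed on the role and database rather than in application code.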
Read at Amazon Web Services, Inc.