CVE-2025-12967

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-12967

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12967.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-12967

Aliases

GHSA-4jvf-wx3f-2x8q

Related

Published

2025-11-10T18:16:06.043Z

Modified

2026-04-02T12:32:55.635239Z

Severity

8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.

We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1

References

Affected packages

Git / github.com/aws/aws-advanced-go-wrapper

Affected ranges

Type: GIT
Repo: https://github.com/aws/aws-advanced-go-wrapper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a9c83b30a5cb7dbd4a2aa812da1d6dd6fa264d6a

Type: GIT
Repo: https://github.com/aws/aws-advanced-jdbc-wrapper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

213c5f857c3752a71683dd1c9417389a6a076229

Type: GIT
Repo: https://github.com/aws/aws-advanced-nodejs-wrapper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

741fc89e941134d8932b1af9e5dba7543561c1fd

Type: GIT
Repo: https://github.com/aws/aws-advanced-python-wrapper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f74ee35bf3c732d7c65fec3869457f3e8fb43d62

Type: GIT
Repo: https://github.com/aws/aws-pgsql-odbc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

804fef474cb51bb0798a93464cc1f85455f27288

Affected versions

0.*

0.1.0

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.1.1

1.2.0

1.3.0

2.*

2.0.0

2.1.0

2.1.1

2.1.2

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.6

2.6.7

2.6.8

3.*

3.0.0

3.1.0

3.2.0

3.3.0

auth-helpers/v1.*

auth-helpers/v1.0.0

auth-helpers/v1.0.1

auth-helpers/v1.0.3

auth-helpers/v1.0.4

auth-helpers/v1.0.5

aws-secrets-manager/v1.*

aws-secrets-manager/v1.0.0

aws-secrets-manager/v1.0.1

aws-secrets-manager/v1.0.3

aws-secrets-manager/v1.0.4

aws-secrets-manager/v1.1.0

awssql/v1.*

awssql/v1.0.0

awssql/v1.1.0

awssql/v1.2.0

awssql/v1.3.0

awssql/v1.4.0

custom-endpoint/v1.*

custom-endpoint/v1.0.0

custom-endpoint/v1.0.1

custom-endpoint/v1.0.2

federated-auth/v1.*

federated-auth/v1.0.0

federated-auth/v1.0.1

federated-auth/v1.0.3

federated-auth/v1.0.4

federated-auth/v1.0.5

iam/v1.*

iam/v1.0.0

iam/v1.0.1

iam/v1.0.3

iam/v1.0.4

iam/v1.0.5

mysql-driver/v1.*

mysql-driver/v1.0.0

mysql-driver/v1.0.1

mysql-driver/v1.0.3

mysql-driver/v1.0.4

mysql-driver/v1.0.5

okta/v1.*

okta/v1.0.0

okta/v1.0.1

okta/v1.0.3

okta/v1.0.4

okta/v1.0.5

otlp/v1.*

otlp/v1.0.0

otlp/v1.0.1

otlp/v1.0.3

otlp/v1.0.4

otlp/v1.0.5

pgx-driver/v1.*

pgx-driver/v1.0.0

pgx-driver/v1.0.1

pgx-driver/v1.0.3

pgx-driver/v1.0.4

pgx-driver/v1.0.5

Other

release-2025-07-31

release-2025-10-08

release-2025-12-04

release-2025-12-16

release-2026-02-03

xray/v1.*

xray/v1.0.0

xray/v1.0.1

xray/v1.0.3

xray/v1.0.4

xray/v1.0.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12967.json"