Bulletin ID: AWS-2025-028
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/10 10:15 AM PDT
Description:
Amazon Aurora PostgreSQL is a fully managed relational database engine that’s compatible with PostgreSQL.
We identified CVE-2025-12967, an issue in AWS Wrappers for Amazon Aurora PostgreSQL that may allow privilege escalation to the rds_superuser role. A low-privilege authenticated user can create a crafted function that could be executed with the permissions of other Amazon Relational Database Service (RDS) users.
Impacted versions:
- AWS JDBC Wrapper <2.6.5
- AWS Go Wrapper <2025-10-17
- AWS NodeJS Wrapper <2.0.1
- AWS Python Wrapper <1.4.0
- AWS ODBC driver <1.0.1
Resolution:
We recommend customers upgrade to the following versions:
- AWS JDBC Wrapper to v2.6.5
- AWS Go Wrapper to 2025-10-17
- AWS NodeJS Wrapper to v2.0.1
- AWS Python Wrapper to v1.4.0
- AWS PGSQL ODBC driver to v1.0.1
Workarounds:
Remove the public schema from the search path.
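One way to audit and apply this workaround from a psql session, as an added example that is not part of the AWS bulletin. The role name app_user and database name app_db are hypothetical placeholders, and the final query assumes the crafted function would be created in the public schema, which the bulletin implies but does not state.

```sql
-- 1. Effective search_path for the current session.
--    Stock PostgreSQL defaults to: "$user", public
SHOW search_path;

-- 2. Per-role and per-database overrides of search_path.
--    Roles and databases with no row here use the server default,
--    so an empty result does not mean "public" is off the path.
SELECT coalesce(d.datname, '(all databases)') AS database_name,
       coalesce(r.rolname, '(all roles)')     AS role_name,
       cfg                                     AS setting
FROM pg_db_role_setting AS s
LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
WHERE cfg LIKE 'search_path=%'
ORDER BY database_name, role_name;

-- 3. Remove "public" from the path for a role and for a database.
--    app_user and app_db are placeholders (assumption).
--    Takes effect for new sessions only; existing connections keep
--    their current path until they reconnect.
ALTER ROLE app_user SET search_path = "$user";
ALTER DATABASE app_db SET search_path = "$user";

-- After this change, objects that live in "public" must be referenced
-- with an explicit schema name, for example public.orders, so test
-- application queries before rolling it out.

-- 4. Review functions that currently exist in "public" and who owns
--    them (assumption: a crafted function would be placed there).
--    Unexpected owners or unfamiliar signatures deserve a closer look.
SELECT p.oid::regprocedure AS signature,
       r.rolname           AS owner
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
JOIN pg_roles     AS r ON r.oid = p.proowner
WHERE n.nspname = 'public'
ORDER BY owner, signature;
```

Run the audit queries in every database on the cluster, since pg_proc is per-database and search_path overrides can be set at the role, database, or role-in-database level.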
References:
- CVE-2025-12967
- GHSA-4jvf-wx3f-2x8q
- GHSA-7xw4-g7mm-r4hh
- GHSA-q327-fgm8-7mxf
- GHSA-7wq2-32h4-9hc9
- GHSA-8wj8-cfxr-9374
Please email aws-security@amazon.com with any security questions or concerns.