AWS Updates - 2025-11-10

AWS Security Bulletins

Privilege Escalation in Aurora PostgreSQL using AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, AWS PGSQL ODBC driver

• Link: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-028/
• Published: 2025-11-10

Bulletin ID: AWS-2025-028
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/10 10:15 AM PDT

Description:

Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL.

We identified CVE-2025-12967, an issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.

Impacted versions:

- AWS JDBC Wrapper <2.6.5
- AWS Go Wrapper <2025-10-17
- AWS NodeJS Wrapper <2.0.1
- AWS Python Wrapper <1.4.0
- AWS ODBC driver <1.0.1