Vulnerability in Aws Go Wrapper
CVE-2025-12967
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relati…
EPSS: 0.002 (45.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Aws Go Wrapper — versions 2025-10-17
- Aws Jdbc Wrapper — versions 2.6.5
- Aws Nodejs Wrapper — versions 2.0.1
- Aws Odbc Driver — versions 1.0.1
- Aws Python Wrapper — versions 1.4.0
Weakness classification (CWE)
References
- aws.amazon.com/security/security-bulletins/AWS-2025-028/ (vendor-advisory)
- github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/2.6.5 (patch)
- github.com/aws/aws-advanced-go-wrapper/releases/tag/release-2025-10-17 (patch)
- github.com/aws/aws-advanced-python-wrapper/releases/tag/1.4.0 (patch)
- github.com/aws/aws-pgsql-odbc/releases/tag/1.0.1 (patch)
- github.com/aws/aws-advanced-nodejs-wrapper/releases/tag/2.0.1 (patch)
- github.com/aws/aws-advanced-python-wrapper/security/advisories/GHSA-4jvf-wx3f-2… (vendor-advisory)
- github.com/aws/aws-advanced-jdbc-wrapper/security/advisories/GHSA-7xw4-g7mm-r4hh (vendor-advisory)
- github.com/aws/aws-pgsql-odbc/security/advisories/GHSA-q327-fgm8-7mxf (vendor-advisory)
- github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-7wq2-32h4-9hc9 (vendor-advisory)
Frequently asked questions
- What is CVE-2025-12967?
- CVE-2025-12967 is a high-severity vulnerability in Aws Go Wrapper, classified under Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection). CVSS score: 8.0/10. Published 2025-11-10.
- How severe is CVE-2025-12967?
- High severity. CVSS v3 base score is 8.0 out of 10.