Bulletin ID: AWS-2025-028
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/10 10:15 AM PDT

Description
- Vulnerability identified: CVE-2025-12967
- Issue in AWS Wrappers for Amazon Aurora PostgreSQL, allowing low privilege authenticated users to escalate privileges to rds_superuser role through crafted functions.

Impacted Versions
- AWS JDBC Wrapper <2.6.5
- AWS Go Wrapper <2025-10-17
- AWS NodeJS Wrapper <2.0.1
- AWS Python Wrapper <1.4.0
- AWS PGSQL ODBC driver <1.0.1

Resolution
- Upgrade to the following versions:
  - AWS JDBC Wrapper to v2.6.5
  - AWS Go Wrapper to 2025-10-17
  - AWS NodeJS Wrapper to v2.0.1
  - AWS Python Wrapper to v1.4.0
  - AWS PGSQL ODBC driver to v1.0.1

Workarounds
- Remove the public schema from the search path.

References
- CVE-2025-12967
- GHSA-4jvf-wx3f-2x8q
- GHSA-7xw4-g7mm-r4hh
- GHSA-q327-fqm-7mxg
- GHSA-7wq2-32h4-9hc9
- GHSA-8wj8-cfxr-9374

Security Contact: aws-security@amazon.com
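
One way to verify and apply the search path workaround on the PostgreSQL side, as an added example that is not part of the AWS bulletin. `app_user` and `app_db` are placeholder names for the role and database the wrapper connects with.

```sql
-- 1. Effective search_path of the current session. Run this while connected
--    as the role the wrapper uses. The PostgreSQL default is "$user", public,
--    so public is present unless something overrides it.
SHOW search_path;

-- 2. Stored per-role and per-database overrides that still list public.
--    setdatabase = 0 / setrole = 0 mean "any database" / "any role", which
--    the LEFT JOINs surface as NULL. No rows here does not prove public is
--    absent: without an override the default from step 1 applies.
SELECT COALESCE(d.datname, '(any database)') AS database_name,
       COALESCE(r.rolname, '(any role)')     AS role_name,
       cfg                                   AS setting
FROM pg_db_role_setting AS s
LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
WHERE cfg LIKE 'search_path=%'
  AND cfg ~* '(=|,)\s*"?public"?\s*(,|$)';

-- 3. Remove public from the search path for the wrapper's role and database
--    (placeholder names). The setting is picked up by new sessions only, so
--    existing connections and pools have to reconnect.
ALTER ROLE app_user SET search_path = "$user";
ALTER DATABASE app_db SET search_path = "$user";

-- 4. Reconnect as app_user and confirm the result.
SHOW search_path;
```

After this change, application SQL that relied on unqualified names resolving in public must schema-qualify them (for example `public.orders`).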