CVE-2025-12967
BaseFortify
Publication date: 2025-11-10
Last updated on: 2025-11-12
Assigner: AMZN
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amazon | aws_nodejs_wrapper | 2.0.1 |
| amazon | aws_pgsql_odbc_driver | 1.0.1 |
| amazon | aws_jdbc_wrapper | 2.6.5 |
| amazon | aws_python_wrapper | 1.4.0 |
| amazon | aws_go_wrapper | 2025-10-17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-470 | The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in AWS Wrappers for Amazon Aurora PostgreSQL allows a low privilege authenticated user to escalate their privileges to the rds_superuser role by creating a crafted function. This function could then be executed with the permissions of other Amazon RDS users, potentially leading to unauthorized access and control.
How can this vulnerability impact me?
The vulnerability can lead to privilege escalation, allowing an attacker with low-level access to gain high-level administrative privileges (rds_superuser). This can result in unauthorized data access, modification, or deletion, compromising the confidentiality, integrity, and availability of your Amazon RDS databases.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade to the fixed versions of the affected AWS Wrappers: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0, and AWS PGSQL ODBC driver to v1.0.1.