Privilege Escalation in Aurora PostgreSQL using AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, AWS PGSQL ODBC driver

2025 028 ยท 2026-06-05

Actions

Rate this issue

Technical Details

Affected Versions AWS JDBC Wrapper <2.6.5, AWS Go Wrapper <2025-10-17, AWS NodeJS Wrapper <2.0.1, AWS Python Wrapper <1.4.0, AWS ODBC driver <1.0.1
Regions all
CVE IDs CVE-2025-12967
Migration Required Yes
Cost Impact Neutral
IaC Impact High

What This Means

For DevOps Teams

Update AWS wrappers for Aurora PostgreSQL to the specified versions to address the privilege escalation vulnerability (CVE-2025-12967) and maintain secure database operations.

For Platform Teams

Deploy the latest versions of AWS wrappers for Aurora PostgreSQL to enhance database security and prevent unauthorized privilege escalation.

For Executives

Implement immediate upgrades to AWS wrappers for Aurora PostgreSQL to mitigate the risk of privilege escalation and ensure database security.

Source

View original AWS announcement โ†’

Weekly AWS Digest in Your Inbox

No spam, no headlines. Just a weekly summary of the 3โ€“7 AWS changes that matter for DevOps and Platform teams.

๐Ÿ“ง Exactly 1 email per week โ€ข Every Tuesday โ€ข Unsubscribe anytime

Today: AWS only. Coming next: Azure and other major clouds.