
18 vulnerabilities by Google Cloud

CVE-2025-12742 (GCVE-0-2025-12742)

Vulnerability from cvelistv5 – Published: 2025-11-25 05:38 – Updated: 2025-11-25 14:39
Summary
A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.108+ * 24.18.200+ * 25.0.78+ * 25.6.65+ * 25.8.47+ * 25.12.10+ * 25.14+
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.12.108 (custom)
Affected: 0 , < 24.18.200 (custom)
Affected: 0 , < 25.0.78 (custom)
Affected: 0 , < 25.6.65 (custom)
Affected: 0 , < 25.8.47 (custom)
Affected: 0 , < 25.12.10 (custom)
Affected: 0 , < 25.14 (custom)
Credits
Sivanesh Ashok Sreeram KL

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12742",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-25T14:38:27.546926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-25T14:39:05.212Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.108",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.18.200",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.78",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.65",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.8.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.108",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.18.200",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.78",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.65",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.8.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sivanesh Ashok"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sreeram KL"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters.\u003cbr\u003e\u003cbr\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.12.108+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.200+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.78+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.65+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.8.47+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.12.10+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 
252);\"\u003e25.14+\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003c/div\u003e"
            }
          ],
          "value": "A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.108+\n  *  24.18.200+\n  *  25.0.78+\n  *  25.6.65+\n  *  25.8.47+\n  *  25.12.10+\n  *  25.14+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T05:38:47.907Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution in Looker via Teradata JDBC Driver",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12742",
    "datePublished": "2025-11-25T05:38:47.907Z",
    "dateReserved": "2025-11-05T10:50:53.509Z",
    "dateUpdated": "2025-11-25T14:39:05.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12741 (GCVE-0-2025-12741)

Vulnerability from cvelistv5 – Published: 2025-11-24 11:35 – Updated: 2025-11-24 13:13
Summary
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.108+ * 24.18.200+ * 25.0.78+ * 25.6.65+ * 25.8.47+ * 25.12.10+ * 25.14+
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.12.108 (custom)
Affected: 0 , < 24.18.200 (custom)
Affected: 0 , < 25.0.78 (custom)
Affected: 0 , < 25.6.65 (custom)
Affected: 0 , < 25.8.47 (custom)
Affected: 0 , < 25.12.10 (custom)
Affected: 0 , < 25.14 (custom)
Credits
RyotaK of GMO Flatt Security Inc.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T13:12:37.681736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T13:13:17.641Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.108",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.18.200",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.78",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.65",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.8.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.108",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.18.200",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.78",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.65",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.8.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "RyotaK of GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command.\u003cbr\u003e\u003cbr\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.12.108+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.200+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.78+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.65+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.8.47+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.12.10+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 
252);\"\u003e25.14+\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003c/div\u003e"
            }
          ],
          "value": "A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.108+\n  *  24.18.200+\n  *  25.0.78+\n  *  25.6.65+\n  *  25.8.47+\n  *  25.12.10+\n  *  25.14+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-137",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-137 Parameter Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T11:35:33.730Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary File Write in Denodo dialect of Looker allows Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12741",
    "datePublished": "2025-11-24T11:35:33.730Z",
    "dateReserved": "2025-11-05T10:50:34.070Z",
    "dateUpdated": "2025-11-24T13:13:17.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12740 (GCVE-0-2025-12740)

Vulnerability from cvelistv5 – Published: 2025-11-24 11:30 – Updated: 2025-11-24 13:14
Summary
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 25.0.93+ * 25.6.84+ * 25.12.42+ * 25.14.50+ * 25.16.44+
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 25.0.93 (custom)
Affected: 0 , < 25.6.84 (custom)
Affected: 0 , < 25.12.42 (custom)
Affected: 0 , < 25.14.50 (custom)
Affected: 0 , < 25.16.44 (custom)
Credits
RyotaK of GMO Flatt Security Inc.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T13:13:45.642405Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T13:14:36.770Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "25.0.93",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.84",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.42",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.14.50",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.16.44",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "25.0.93",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.84",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.42",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.14.50",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.16.44",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "RyotaK of GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver\u0027s parameters.\u003cbr\u003e\u003cbr\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.93+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e25.6.84+\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.12.42+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.14.50+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 
252);\"\u003e25.16.44+\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003c/div\u003e"
            }
          ],
          "value": "A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver\u0027s parameters.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  25.0.93+\n  *  25.6.84+\n\n  *  25.12.42+\n  *  25.14.50+\n  *  25.16.44+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T11:30:31.958Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Command Execution in Looker via IBM DB2 JDBC driver",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12740",
    "datePublished": "2025-11-24T11:30:31.958Z",
    "dateReserved": "2025-11-05T10:44:47.390Z",
    "dateUpdated": "2025-11-24T13:14:36.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12739 (GCVE-0-2025-12739)

Vulnerability from cvelistv5 – Published: 2025-11-24 09:11 – Updated: 2025-11-24 13:43
Summary
An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.18.201+ * 25.0.79+ * 25.6.66+ * 25.12.7+ * 25.16.0+ * 25.18.0+ * 25.20.0+
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.18.201 (custom)
Affected: 0 , < 25.0.79 (custom)
Affected: 0 , < 25.6.66 (custom)
Affected: 0 , < 25.12.7 (custom)
Affected: 0 , < 25.16.0 (custom)
Affected: 0 , < 25.18.0 (custom)
Affected: 0 , < 25.20.0 (custom)
    Google Cloud Looker Affected: 0 , < 24.18.201 (custom)
Affected: 0 , < 25.0.79 (custom)
Affected: 0 , < 25.6.66 (custom)
Affected: 0 , < 25.12.7 (custom)
Affected: 0 , < 25.16.0 (custom)
Affected: 0 , < 25.18.0 (custom)
Affected: 0 , < 25.20.0 (custom)
Credits
Sivanesh Ashok, Sreeram KL

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12739",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T13:18:11.065484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T13:43:54.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.18.201",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.79",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.66",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.18.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.20.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.18.201",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.79",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.66",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.18.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.20.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sivanesh Ashok"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sreeram KL"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance.\u003cbr\u003e\u003cbr\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003c/span\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.201+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.79+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.66+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: 
rgb(252, 252, 252);\"\u003e25.12.7+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.16.0+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.18.0+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.20.0+\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :  *  24.18.201+\n  *  25.0.79+\n  *  25.6.66+\n  *  25.12.7+\n  *  25.16.0+\n  *  25.18.0+\n  *  25.20.0+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T09:11:38.396Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-068"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Cross-Site Scripting (XSS) in Looker\u0027s Extension Loader leading to Admin Account Compromise",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12739",
    "datePublished": "2025-11-24T09:11:38.396Z",
    "dateReserved": "2025-11-05T10:43:57.797Z",
    "dateUpdated": "2025-11-24T13:43:54.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12414 (GCVE-0-2025-12414)

Vulnerability from cvelistv5 – Published: 2025-11-20 10:32 – Updated: 2025-11-20 14:36
Summary
An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.100+ * 24.18.193+ * 25.0.69+ * 25.6.57+ * 25.8.39+ * 25.10.22+ * 25.12.0+
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.12.100 (custom)
Affected: 0 , < 24.18.193 (custom)
Affected: 0 , < 25.0.69 (custom)
Affected: 0 , < 25.6.57 (custom)
Affected: 0 , < 25.8.39 (custom)
Affected: 0 , < 25.10.22 (custom)
Affected: 0 , < 25.12.0 (custom)
    Google Cloud Looker Affected: 0 , < 24.12.100 (custom)
Affected: 0 , < 24.18.193 (custom)
Affected: 0 , < 25.0.69 (custom)
Affected: 0 , < 25.6.57 (custom)
Affected: 0 , < 25.8.39 (custom)
Affected: 0 , < 25.10.22 (custom)
Affected: 0 , < 25.12.0 (custom)
Credits
Sivanesh Ashok, Sreeram KL

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-20T14:36:28.073782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-20T14:36:38.420Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.100",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.18.193",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.69",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.57",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.8.39",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.100",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.18.193",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.69",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.57",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.8.39",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sivanesh Ashok"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sreeram KL"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.\u003cdiv\u003e\u003cdiv\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003e\u003cbr\u003eThis issue has already been mitigated for Looker-hosted.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\u003cbr\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e:\u003cbr\u003e\u003cul\u003e\u003cli\u003e24.12.100+\u003c/li\u003e\u003cli\u003e24.18.193+\u003c/li\u003e\u003cli\u003e25.0.69+\u003c/li\u003e\u003cli\u003e25.6.57+\u003c/li\u003e\u003cli\u003e25.8.39+\u003c/li\u003e\u003cli\u003e25.10.22+\u003c/li\u003e\u003cli\u003e25.12.0+\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.Looker-hosted and Self-hosted were found to be vulnerable.\n\nThis issue has already been mitigated for Looker-hosted.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page   https://download.looker.com/ :\n  *  24.12.100+\n  *  24.18.193+\n  *  25.0.69+\n  *  25.6.57+\n  *  25.8.39+\n  *  25.10.22+\n  *  25.12.0+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T10:32:52.463Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#GCP-2025-067"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Looker account compromise via punycode homograph attack",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12414",
    "datePublished": "2025-11-20T10:32:52.463Z",
    "dateReserved": "2025-10-28T15:40:31.760Z",
    "dateUpdated": "2025-11-20T14:36:38.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12743 (GCVE-0-2025-12743)

Vulnerability from cvelistv5 – Published: 2025-11-19 16:41 – Updated: 2025-11-19 18:47
Summary
The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT queries that are constructed and executed against the internal MySQL database. This vulnerability allows users with developer permissions to extract data from Looker's internal MySQL database. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect against this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.106 * 24.18.198+ * 25.0.75 * 25.6.63+ * 25.8.45+ * 25.10.33+ * 25.12.1+ * 25.14+
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.12.106 (date)
Affected: 0 , < 24.18.198 (date)
Affected: 0 , < 25.0.75 (date)
Affected: 0 , < 25.6.63 (date)
Affected: 0 , < 25.8.45 (date)
Affected: 0 , < 25.10.33 (date)
Affected: 0 , < 25.12.1 (date)
Affected: 0 , < 25.14 (date)
    Google Cloud Looker Affected: 0 , < 24.12.106 (date)
Affected: 0 , < 24.18.198 (date)
Affected: 0 , < 25.0.75 (date)
Affected: 0 , < 25.6.63 (date)
Affected: 0 , < 25.8.45 (date)
Affected: 0 , < 25.10.33 (date)
Affected: 0 , < 25.12.1 (date)
Affected: 0 , < 25.14 (date)
Credits
Liv Matan from Tenable, Tomas Lažauninkas

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T18:47:06.246892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T18:47:37.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.106",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.198",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.75",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.63",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.45",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.33",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.12.1",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.14",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.106",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.198",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.75",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.63",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.45",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.33",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.12.1",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.14",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Liv Matan from Tenable"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Tomas La\u017eauninkas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Looker endpoint for generating new projects from database connections allows users to specify \"looker\" as a connection name, which is a reserved internal name for Looker\u0027s internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT queries that are constructed and executed against the internal MySQL database. This vulnerability allows users with developer permissions to extract data from Looker\u0027s internal MySQL database.\u003cbr\u003e\u003cbr\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect against this vulnerability. 
You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.12.106\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.198+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.75\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.63+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.8.45+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.10.33+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.12.1+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.14+\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003c/div\u003e"
            }
          ],
          "value": "The Looker endpoint for generating new projects from database connections allows users to specify \"looker\" as a connection name, which is a reserved internal name for Looker\u0027s internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT queries that are constructed and executed against the internal MySQL database. This vulnerability allows users with developer permissions to extract data from Looker\u0027s internal MySQL database.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect against this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.106\n  *  24.18.198+\n  *  25.0.75\n  *  25.6.63+\n  *  25.8.45+\n  *  25.10.33+\n  *  25.12.1+\n  *  25.14+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T16:41:30.639Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
        },
        {
          "url": "https://www.tenable.com/security/research/tra-2025-43"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12743",
    "datePublished": "2025-11-19T16:41:30.639Z",
    "dateReserved": "2025-11-05T10:51:12.658Z",
    "dateUpdated": "2025-11-19T18:47:37.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12472 (GCVE-0-2025-12472)

Vulnerability from cvelistv5 – Published: 2025-11-19 10:27 – Updated: 2025-11-19 16:24
Summary
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.103+ * 24.18.195+ * 25.0.72+ * 25.6.60+ * 25.8.42+ * 25.10.22+
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.12.103 (date)
Affected: 0 , < 24.18.195 (date)
Affected: 0 , < 25.0.72 (date)
Affected: 0 , < 25.6.60 (date)
Affected: 0 , < 25.8.42 (date)
Affected: 0 , < 25.10.22 (date)
    Google Cloud Looker Affected: 0 , < 24.12.103 (date)
Affected: 0 , < 24.18.195 (date)
Affected: 0 , < 25.0.72 (date)
Affected: 0 , < 25.6.60 (date)
Affected: 0 , < 25.8.42 (date)
Affected: 0 , < 25.10.22 (date)
Credits
RyotaK of GMO Flatt Security Inc.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12472",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T16:20:20.583208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T16:24:04.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.103",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.195",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.72",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.60",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.42",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.103",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.195",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.72",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.60",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.42",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "RyotaK of GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003c/div\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003c/span\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.12.103+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.195+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.72+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.60+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.8.42+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.10.22+\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance.\n\n\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.103+\n  *  24.18.195+\n  *  25.0.72+\n  *  25.6.60+\n  *  25.8.42+\n  *  25.10.22+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-26",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-26 Leveraging Race Conditions"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T10:27:56.520Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution in Looker due to Improperly Validated Directory Deletion",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12472",
    "datePublished": "2025-11-19T10:27:56.520Z",
    "dateReserved": "2025-10-29T15:56:30.205Z",
    "dateUpdated": "2025-11-19T16:24:04.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12405 (GCVE-0-2025-12405)

Vulnerability from cvelistv5 – Published: 2025-11-10 09:27 – Updated: 2025-11-10 12:50
Summary
An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attached to the report. This vulnerability was patched on 21 July 2025, and no customer action is needed.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Studio Affected: 0 , < 2025-07-21 (date)
Credits
Liv Matan from Tenable.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-10T12:50:48.519794Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-10T12:50:57.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Looker Studio",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "2025-07-21",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Liv Matan from Tenable."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper privilege management vulnerability was found in Looker Studio.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIt impacted all JDBC-based connectors.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eA Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attached to the report.\u003cbr\u003e\u003cbr\u003eThis vulnerability was patched on 21 July 2025, and no customer action is needed.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e"
            }
          ],
          "value": "An improper privilege management vulnerability was found in Looker Studio.\u00a0It impacted all JDBC-based connectors.\n\nA Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attached to the report.\n\nThis vulnerability was patched on 21 July 2025, and no customer action is needed."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122: Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-10T09:27:45.471Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-053"
        },
        {
          "url": "https://www.tenable.com/security/research/tra-2025-29"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthorized access through stored credentials in Looker Studio",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12405",
    "datePublished": "2025-11-10T09:27:45.471Z",
    "dateReserved": "2025-10-28T14:51:58.029Z",
    "dateUpdated": "2025-11-10T12:50:57.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12409 (GCVE-0-2025-12409)

Vulnerability from cvelistv5 – Published: 2025-11-10 08:59 – Updated: 2025-11-10 15:16
Summary
A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's permissions in BigQuery. This vulnerability was patched on 07 July 2025, and no customer action is needed.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Studio Affected: 0 , < 2025-07-07 (date)
Credits
Liv Matan from Tenable.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-10T15:14:54.971898Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-10T15:16:16.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Looker Studio",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "2025-07-07",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Liv Matan from Tenable."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources.\u003cbr\u003e \u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBy creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim\u0027s permissions in BigQuery.\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003eThis vulnerability was patched on 07 July 2025, and no customer action is needed.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e"
            }
          ],
          "value": "A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources.\n \nBy creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim\u0027s permissions in BigQuery.\n\nThis vulnerability was patched on 07 July 2025, and no customer action is needed."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-10T09:29:08.084Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-053"
        },
        {
          "url": "https://www.tenable.com/security/research/tra-2025-27"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SQL Injection in Looker Studio",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12409",
    "datePublished": "2025-11-10T08:59:15.899Z",
    "dateReserved": "2025-10-28T15:17:15.305Z",
    "dateUpdated": "2025-11-10T15:16:16.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12397 (GCVE-0-2025-12397)

Vulnerability from cvelistv5 – Published: 2025-11-10 08:55 – Updated: 2025-11-10 15:17
Summary
A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected reports with BigQuery as the data source. This vulnerability was patched on 21 July 2025, and no customer action is needed.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Studio Affected: 0 , < 2025-07-21 (date)
Credits
Liv Matan from Tenable.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-10T15:16:51.901726Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-10T15:17:03.069Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Looker Studio",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "2025-07-21",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Liv Matan from Tenable."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA SQL injection vulnerability was found in Looker Studio.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Looker Studio user with report view access could inject malicious SQL that would execute with the report owner\u0027s permissions. The vulnerability affected reports with BigQuery as the data source.\u003cbr\u003e\u003cbr\u003eThis vulnerability was patched on 21 July 2025, and no customer action is needed.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e"
            }
          ],
          "value": "A SQL injection vulnerability was found in Looker Studio.\n\nA Looker Studio user with report view access could inject malicious SQL that would execute with the report owner\u0027s permissions. The vulnerability affected reports with BigQuery as the data source.\n\nThis vulnerability was patched on 21 July 2025, and no customer action is needed."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-10T09:25:36.570Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-053"
        },
        {
          "url": "https://www.tenable.com/security/research/tra-2025-28"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SQL Injection in Looker Studio",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12397",
    "datePublished": "2025-11-10T08:55:05.196Z",
    "dateReserved": "2025-10-28T13:53:53.348Z",
    "dateUpdated": "2025-11-10T15:17:03.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12155 (GCVE-0-2025-12155)

Vulnerability from cvelistv5 – Published: 2025-11-10 08:49 – Updated: 2025-11-10 15:18
Summary
A Command Injection vulnerability in Looker, resulting from improper file path sanitization (Directory Traversal), allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.100+ * 24.18.192+ * 25.0.69+ * 25.6.57+ * 25.8.39+ * 25.10.22+
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.12.100 (date)
Affected: 0 , < 24.18.192 (date)
Affected: 0 , < 25.0.69 (date)
Affected: 0 , < 25.6.57 (date)
Affected: 0 , < 25.8.39 (date)
Affected: 0 , < 25.10.22 (date)
Credits
Tomas Lažauninkas

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-10T15:17:21.647576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-10T15:18:43.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.100",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.192",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.69",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.57",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.39",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.100",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.192",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.69",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.57",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.39",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tomas La\u017eauninkas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Command Injection vulnerability in Looker, resulting from improper file path sanitization (Directory Traversal), allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted\u0026nbsp;instances. No user action is required for these.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003c/span\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.12.100+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.192+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.69+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.57+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.8.39+\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.10.22+\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "A Command Injection vulnerability in Looker, resulting from improper file path sanitization (Directory Traversal), allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted\u00a0instances. No user action is required for these.\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.100+\n  *  24.18.192+\n  *  25.0.69+\n  *  25.6.57+\n  *  25.8.39+\n  *  25.10.22+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-10T08:49:45.811Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Command Injection in Looker",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12155",
    "datePublished": "2025-11-10T08:49:45.811Z",
    "dateReserved": "2025-10-24T13:07:55.182Z",
    "dateUpdated": "2025-11-10T15:18:43.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11915 (GCVE-0-2025-11915)

Vulnerability from cvelistv5 – Published: 2025-10-22 09:13 – Updated: 2025-10-23 09:23
Summary
A connection desynchronization vulnerability existed between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T13:54:15.699505Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T13:54:26.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "https://cloud.google.com/vertex-ai/generative-ai/docs/partner-models/use-partner-models"
          ],
          "product": "Vertex AI: Partner Models for MaaS",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "2025-09-26",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "https://cloud.google.com/vertex-ai/generative-ai/docs/maas/use-open-models"
          ],
          "product": "Vertex AI: Open Models for MaaS",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "2025-09-28",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "https://cloud.google.com/vertex-ai/generative-ai/docs/model-garden/self-deployed-models"
          ],
          "product": "Vertex AI: Self-Deployed Models",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "2025-09-28",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA connection desynchronization vulnerability existed between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A connection desynchronization vulnerability existed between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-33",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-33 HTTP Request Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T09:23:21.342Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/vertex-ai/generative-ai/docs/security-bulletins#gcp-2025-059"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "HTTP Desynchronisation in Vertex AI for certain third-party models",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-11915",
    "datePublished": "2025-10-22T09:13:24.601Z",
    "dateReserved": "2025-10-17T13:16:40.480Z",
    "dateUpdated": "2025-10-23T09:23:21.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9918 (GCVE-0-2025-9918)

Vulnerability from cvelistv5 – Published: 2025-09-11 07:37 – Updated: 2025-09-11 12:28
Summary
A Path Traversal vulnerability in the archive extraction component of Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permission to import Use Cases to achieve Remote Code Execution (RCE) by uploading a malicious ZIP archive containing path traversal sequences.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
Google Cloud Google SecOps SOAR Affected: 0 , < 6.3.54.0 (custom)
Affected: 0 , < 6.3.53.2 (custom)
Credits
Jakub Domeracki Tomas Lažauninkas

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9918",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T12:28:07.109219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-11T12:28:15.397Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Google SecOps SOAR",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "6.3.54.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.53.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jakub Domeracki"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tomas La\u017eauninkas"
        }
      ],
      "datePublic": "2025-09-04T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Path Traversal vulnerability in the archive extraction component of Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permission to import Use Cases to achieve Remote Code Execution (RCE) by uploading a malicious ZIP archive containing path traversal sequences.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A Path Traversal vulnerability in the archive extraction component of Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permission to import Use Cases to achieve Remote Code Execution (RCE) by uploading a malicious ZIP archive containing path traversal sequences."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-11T07:37:50.010Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cloud.google.com/support/bulletins?gcp-2025-049"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cloud.google.com/chronicle/docs/security-bulletins#GCP-2025-049"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Zip Slip in Google SecOps SOAR allows for Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-9918",
    "datePublished": "2025-09-11T07:37:50.010Z",
    "dateReserved": "2025-09-03T10:53:44.603Z",
    "dateUpdated": "2025-09-11T12:28:15.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9118 (GCVE-0-2025-9118)

Vulnerability from cvelistv5 – Published: 2025-08-25 07:05 – Updated: 2025-08-25 13:48
Summary
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
Google Cloud Dataform Affected: 08/7/2025 , < 08/21/2025 (date)
Credits
Tomas Lažauninkas

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T13:48:33.179201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T13:48:40.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dataform",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "08/21/2025",
              "status": "affected",
              "version": "08/7/2025",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tomas La\u017eauninkas"
        }
      ],
      "datePublic": "2025-08-21T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers\u0027 repositories via a maliciously crafted package.json file."
            }
          ],
          "value": "A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers\u0027 repositories via a maliciously crafted package.json file."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-25T07:05:31.047Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cloud.devsite.corp.google.com/dataform/docs/security-bulletins#gcp-2025-045"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dataform Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-9118",
    "datePublished": "2025-08-25T07:05:31.047Z",
    "dateReserved": "2025-08-18T15:08:00.732Z",
    "dateUpdated": "2025-08-25T13:48:40.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4600 (GCVE-0-2025-4600)

Vulnerability from cvelistv5 – Published: 2025-05-16 13:47 – Updated: 2025-09-08 09:48
Summary
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and it is no longer exploitable. No action is required, as the Classic Application Load Balancer service is not vulnerable after 2025-04-26.
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
Credits
Jeppe Bonde Weikop

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T14:54:15.295181Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T14:54:22.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Classic Application Load Balancer",
          "vendor": "Google Cloud",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jeppe Bonde Weikop"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable.\u003cbr\u003e"
            }
          ],
          "value": "A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-33",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-33 HTTP Request Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T09:48:16.572Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-027"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2025-4600",
    "datePublished": "2025-05-16T13:47:45.266Z",
    "dateReserved": "2025-05-12T17:25:11.459Z",
    "dateUpdated": "2025-09-08T09:48:16.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0982 (GCVE-0-2025-0982)

Vulnerability from cvelistv5 – Published: 2025-02-06 11:37 – Updated: 2025-02-12 19:51
Summary
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
CWE
  • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
Impacted products
Credits
Tomas Lažauninkas

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T13:56:47.082802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:51:10.116Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Application Integration",
          "vendor": "Google Cloud",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tomas La\u017eauninkas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed."
            }
          ],
          "value": "Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-829",
              "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-07T09:37:27.575Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://cloud.google.com/application-integration/docs/release-notes#January_23_2025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Sandbox Escape in Google Cloud Application Integration\u0027s JavaScript Task (Rhino Engine)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2025-0982",
    "datePublished": "2025-02-06T11:37:57.460Z",
    "dateReserved": "2025-02-03T10:57:57.923Z",
    "dateUpdated": "2025-02-12T19:51:10.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9858 (GCVE-0-2024-9858)

Vulnerability from cvelistv5 – Published: 2024-10-16 08:43 – Updated: 2024-10-16 16:24
Summary
There exists an insecure default user permission in Windows installs of Google Cloud Migrate to Containers versions 1.1.0 through 1.2.2. A local "m2cuser" account was created with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted, or if the step that deletes the local user “m2cuser” was skipped. We recommend upgrading to 1.2.3 or later.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Google Cloud Migrate to Containers Affected: 1.1.0 , ≤ 1.2.2 (semver)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google_cloud:migrate_to_containers:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "migrate_to_containers",
            "vendor": "google_cloud",
            "versions": [
              {
                "lessThanOrEqual": "1.2.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-9858",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T16:19:21.189547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T16:24:16.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Migrate to Containers",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThanOrEqual": "1.2.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-07T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \"m2cuser\" was created with\u0026nbsp;administrator privileges. This posed a security risk if the \"analyze\" or \"generate\" commands were interrupted or skipping the action to delete the local user \u201cm2cuser\u201d. We recommend upgrading to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.2.3 or beyond\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \"m2cuser\" was created with\u00a0administrator privileges. This posed a security risk if the \"analyze\" or \"generate\" commands were interrupted or skipping the action to delete the local user \u201cm2cuser\u201d. We recommend upgrading to\u00a01.2.3 or beyond"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/S:P/AU:Y/R:A/V:D/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T08:43:51.015Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure user permissions in Google Cloud Migrate to Containers for Windows",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2024-9858",
    "datePublished": "2024-10-16T08:43:51.015Z",
    "dateReserved": "2024-10-11T11:17:41.006Z",
    "dateUpdated": "2024-10-16T16:24:16.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5166 (GCVE-0-2024-5166)

Vulnerability from cvelistv5 – Published: 2024-05-22 16:11 – Updated: 2024-08-01 21:03
Summary
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 23.18
Affected: 23.20
Affected: 24.0
Affected: 24.2
Affected: 24.4
Affected: 24.6
Affected: 24.8
Affected: 24.10
Affected: 24.12
Affected: 24.14
Affected: 24.16
Affected: 24.18
Affected: 24.20
Credits
Ionut Cernica with the UiPath Security Team

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5166",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T19:50:49.820213Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:01:48.810Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:10.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/looker/docs/best-practices/query-id-update-instructions"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "status": "affected",
              "version": "23.18"
            },
            {
              "status": "affected",
              "version": "23.20"
            },
            {
              "status": "affected",
              "version": "24.0"
            },
            {
              "status": "affected",
              "version": "24.2"
            },
            {
              "status": "affected",
              "version": "24.4"
            },
            {
              "status": "affected",
              "version": "24.6"
            },
            {
              "status": "affected",
              "version": "24.8"
            },
            {
              "status": "affected",
              "version": "24.10"
            },
            {
              "status": "affected",
              "version": "24.12"
            },
            {
              "status": "affected",
              "version": "24.14"
            },
            {
              "status": "affected",
              "version": "24.16"
            },
            {
              "status": "affected",
              "version": "24.18"
            },
            {
              "status": "affected",
              "version": "24.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ionut Cernica with the UiPath Security Team"
        }
      ],
      "datePublic": "2024-02-15T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: var(--wht);\"\u003eAn Insecure Direct Object Reference in Google Cloud\u0027s Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An Insecure Direct Object Reference in Google Cloud\u0027s Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-30T07:39:35.917Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://cloud.google.com/looker/docs/best-practices/query-id-update-instructions"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Direct Object Reference In Looker",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2024-5166",
    "datePublished": "2024-05-22T16:11:55.740Z",
    "dateReserved": "2024-05-21T09:50:35.869Z",
    "dateUpdated": "2024-08-01T21:03:10.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}