csaf_certbund - wid-sec-w-2025-2661

WID-SEC-W-2025-2661

Vulnerability from csaf_certbund - Published: 2025-11-23 23:00 - Updated: 2025-11-24 23:00

Summary

Google Cloud Platform (Looker): Schwachstelle ermöglicht Ausführen von beliebigem Programmcode

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Google Cloud Platform (GCP) ist eine Sammlung von Cloud-Computing-Diensten von Google, die Infrastruktur, Datenanalyse, maschinelles Lernen und Entwicklungstools bietet. Unternehmen können dadurch Anwendungen in der Cloud zu aufbauen und skalierbar bereitzustellen.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Google Cloud Platform (Looker) ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Linux - MacOS X - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Google Cloud Platform (GCP) ist eine Sammlung von Cloud-Computing-Diensten von Google, die Infrastruktur, Datenanalyse, maschinelles Lernen und Entwicklungstools bietet. Unternehmen k\u00f6nnen dadurch Anwendungen in der Cloud zu aufbauen und skalierbar bereitzustellen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Google Cloud Platform (Looker) ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2661 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2661.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2661 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2661"
      },
      {
        "category": "external",
        "summary": "Google Cloud Platform Security Advisory GCP-2025-068 vom 2025-11-23",
        "url": "https://cloud.google.com/support/bulletins#gcp-2025-068"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Cloud Platform (Looker): Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode",
    "tracking": {
      "current_release_date": "2025-11-24T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-25T08:37:20.393+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2661",
      "initial_release_date": "2025-11-23T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-23T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-24T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-198626"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cLooker 25.16.0",
                "product": {
                  "name": "Google Cloud Platform \u003cLooker 25.16.0",
                  "product_id": "T048836"
                }
              },
              {
                "category": "product_version",
                "name": "Looker 25.16.0",
                "product": {
                  "name": "Google Cloud Platform Looker 25.16.0",
                  "product_id": "T048836-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:cloud_platform:looker_25.16.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cLooker 25.12.7",
                "product": {
                  "name": "Google Cloud Platform \u003cLooker 25.12.7",
                  "product_id": "T048837"
                }
              },
              {
                "category": "product_version",
                "name": "Looker 25.12.7",
                "product": {
                  "name": "Google Cloud Platform Looker 25.12.7",
                  "product_id": "T048837-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:cloud_platform:looker_25.12.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cLooker 25.6.66",
                "product": {
                  "name": "Google Cloud Platform \u003cLooker 25.6.66",
                  "product_id": "T048838"
                }
              },
              {
                "category": "product_version",
                "name": "Looker 25.6.66",
                "product": {
                  "name": "Google Cloud Platform Looker 25.6.66",
                  "product_id": "T048838-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:cloud_platform:looker_25.6.66"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cLooker 25.0.79",
                "product": {
                  "name": "Google Cloud Platform \u003cLooker 25.0.79",
                  "product_id": "T048839"
                }
              },
              {
                "category": "product_version",
                "name": "Looker 25.0.79",
                "product": {
                  "name": "Google Cloud Platform Looker 25.0.79",
                  "product_id": "T048839-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:cloud_platform:looker_25.0.79"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cLooker 24.18.20",
                "product": {
                  "name": "Google Cloud Platform \u003cLooker 24.18.20",
                  "product_id": "T048840"
                }
              },
              {
                "category": "product_version",
                "name": "Looker 24.18.20",
                "product": {
                  "name": "Google Cloud Platform Looker 24.18.20",
                  "product_id": "T048840-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:cloud_platform:looker_24.18.20"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Cloud Platform"
          }
        ],
        "category": "vendor",
        "name": "Google"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12739",
      "product_status": {
        "known_affected": [
          "T048836",
          "T048839",
          "T048838",
          "T048837",
          "T048840"
        ]
      },
      "release_date": "2025-11-23T23:00:00.000+00:00",
      "title": "CVE-2025-12739"
    }
  ]
}

CVE-2025-12739 (GCVE-0-2025-12739)

Vulnerability from cvelistv5 – Published: 2025-11-24 09:11 – Updated: 2025-11-24 13:43

Title

Cross-Site Scripting (XSS) in Looker's Extension Loader leading to Admin Account Compromise

Summary

An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.18.201+ * 25.0.79+ * 25.6.66+ * 25.12.7+ * 25.16.0+ * 25.18.0+ * 25.20.0+

Severity ?

7.3 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Assigner

GoogleCloud

References

URL

Tags

https://cloud.google.com/support/bulletins#gcp-2025-068

Impacted products

Vendor

Product

Version

Google Cloud

Looker

Affected: 0 , < 24.18.201 (custom)
Affected: 0 , < 25.0.79 (custom)
Affected: 0 , < 25.6.66 (custom)
Affected: 0 , < 25.12.7 (custom)
Affected: 0 , < 25.16.0 (custom)
Affected: 0 , < 25.18.0 (custom)
Affected: 0 , < 25.20.0 (custom)

Google Cloud

Looker

Credits

Sivanesh Ashok Sreeram KL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12739",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T13:18:11.065484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T13:43:54.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.18.201",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.79",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.66",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.18.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.20.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.18.201",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.0.79",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.6.66",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.12.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.18.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "25.20.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sivanesh Ashok"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sreeram KL"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance.\u003cbr\u003e\u003cbr\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003c/span\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.201+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.79+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.66+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.12.7+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.16.0+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.18.0+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.20.0+\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :  *  24.18.201+\n  *  25.0.79+\n  *  25.6.66+\n  *  25.12.7+\n  *  25.16.0+\n  *  25.18.0+\n  *  25.20.0+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T09:11:38.396Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-068"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Cross-Site Scripting (XSS) in Looker\u0027s Extension Loader leading to Admin Account Compromise",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12739",
    "datePublished": "2025-11-24T09:11:38.396Z",
    "dateReserved": "2025-11-05T10:43:57.797Z",
    "dateUpdated": "2025-11-24T13:43:54.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2661

CVE-2025-12739 (GCVE-0-2025-12739)

Tags

Sightings

Nomenclature