SQL Injection in Looker Studio_CVE-2025-12397

7.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/U:Clear

Description

A SQL injection vulnerability was found in Looker Studio.

A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source.

This vulnerability was patched on 21 July 2025, and no customer action is needed.

Basic Information

ID CVE-2025-12397

Source GoogleCloud

Published Nov 10, 2025 at 08:55

Affected Product

Vendor Google Cloud

Product Looker Studio

Affected Versions Google Cloud Looker Studio 0

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "A SQL injection vulnerability was found in Looker Studio.\n\nA Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source.\n\nThis vulnerability was patched on 21 July 2025, and no customer action is needed.",
    "published": "2025-11-10T08:55:05.196Z",
    "modified": "2025-11-10T08:55:05.196Z",
    "type": "cve",
    "title": "SQL Injection in Looker Studio",
    "source": "GoogleCloud",
    "references": "https://cloud.google.com/support/bulletins#gcp-2025-053\nhttps://www.tenable.com/security/research/tra-2025-28",
    "id": "CVE-2025-12397",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Google Cloud Looker Studio 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/U:Clear",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Looker Studio",
    "version": "0",
    "vendor": "Google Cloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}