Critical SQL Injection Vulnerability in Looker: Secure Your Self-Hosted Instances (CVE-2025-12743)

Overview

A critical SQL injection vulnerability, identified as CVE-2025-12743, has been discovered in Looker. This flaw affects both Looker-hosted and self-hosted instances, though Looker-hosted instances have already been automatically mitigated. This article details the vulnerability, its potential impact, and the necessary steps to secure your self-hosted Looker deployments.

Technical Details

The vulnerability resides in the Looker endpoint used to generate a new project from a database connection. The endpoint accepts “looker” as a connection name, even though that name is reserved for Looker’s own internal MySQL database, and its schemas parameter is vulnerable to SQL injection. An attacker with developer permissions can therefore manipulate the SELECT queries the endpoint constructs and executes against the internal MySQL database, extracting sensitive data from it.
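As an added illustration (not Looker's code and not the vendor's actual fix), the query-builder shape this class of bug takes is shown beside a hardened version that refuses the reserved “looker” connection name, allowlists schema identifiers, and binds the values as parameters. The catalogue table, the identifier regex and the use of sqlite3 in place of MySQL are assumptions so the demo runs offline.

```python
import re
import sqlite3

# Constructed stand-in for the internal metadata database; sqlite3 here instead of MySQL so the demo runs offline.
RESERVED_CONNECTIONS = {"looker"}  # reserved internal connection name named in the advisory
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")  # hypothetical allowlist for schema identifiers


def build_schema_query_vulnerable(schemas):
    """Defect class from the advisory: caller-supplied schema names are spliced into the SQL text."""
    quoted = ", ".join(f"'{s}'" for s in schemas)
    return f"SELECT table_name FROM tables WHERE table_schema IN ({quoted}) ORDER BY table_name"

def build_schema_query_safe(connection_name, schemas):
    """Hardened form: reject the reserved connection, allowlist identifiers, bind values as parameters."""
    if connection_name.lower() in RESERVED_CONNECTIONS:
        raise ValueError(f"connection name {connection_name!r} is reserved for internal use")
    for s in schemas:
        if not IDENT_RE.match(s):
            raise ValueError(f"invalid schema name: {s!r}")
    placeholders = ", ".join("?" for _ in schemas)
    sql = f"SELECT table_name FROM tables WHERE table_schema IN ({placeholders}) ORDER BY table_name"
    return sql, tuple(schemas)

def demo_db():
    """Constructed sample catalogue: a customer schema plus an internal one that must stay hidden."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tables (table_schema TEXT, table_name TEXT)")
    conn.executemany(
        "INSERT INTO tables VALUES (?, ?)",
        [("sales", "orders"), ("sales", "customers"), ("internal", "api_tokens")],
    )
    conn.commit()
    return conn

def list_tables(conn, connection_name, schemas):
    """Query path a hardened endpoint would use; returns only the requested schemas' tables."""
    sql, params = build_schema_query_safe(connection_name, schemas)
    return [row[0] for row in conn.execute(sql, params)]

def executes_cleanly(conn, sql):
    """True when the SQL parses and runs; False when spliced input broke the statement's structure."""
    try:
        conn.execute(sql).fetchall()
        return True
    except sqlite3.Error:
        return False
```

Binding alone would already keep the IN-list values out of the SQL grammar; the identifier allowlist and the reserved-name check are the defence-in-depth layers that also close off the internal-database route the advisory describes.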

CVSS Analysis

Currently, a CVSS score and severity level are not available for CVE-2025-12743. However, the potential for data exfiltration from Looker’s internal MySQL database indicates a high-risk vulnerability. It is crucial to address this issue promptly.

Possible Impact

Successful exploitation of this SQL injection vulnerability could lead to:

  • Data Breach: Sensitive information stored within Looker’s internal MySQL database could be exposed.
  • Privilege Escalation: Attackers might be able to leverage the extracted data to gain further access to the Looker system or other connected systems.
  • Reputational Damage: A security breach could severely damage an organization’s reputation and customer trust.

Mitigation and Patch Steps

Important: This issue has already been mitigated for Looker-hosted instances. No user action is required for these.

Self-hosted instances MUST be upgraded immediately. This vulnerability has been patched in all supported versions of self-hosted Looker.

Download and install one of the following updated versions from the Looker download page:

  • 24.12.106
  • 24.18.198+
  • 25.0.75
  • 25.6.63+
  • 25.8.45+
  • 25.10.33+
  • 25.12.1+
  • 25.14+

Ensure you follow the official Looker upgrade documentation for a smooth and secure update process.

References

Google Cloud Security Bulletin – GCP-2025-052
Tenable Research Advisory – TRA-2025-43
NIST NVD – CVE-2025-12743

Published: 2025-11-19T17:15:46.003

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.