CVE-2025-12397 HIGH

CVE-2025-12397: SQL Injection in Looker Studio

Vendor Google Cloud

Product Looker Studio

Weakness CWE-89 · SQLi

Published November 10, 2025

Last update November 10, 2025

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/U:Clear

What the vulnerability does

01Description

A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source. This vulnerability was patched on 21 July 2025, and no customer action is needed.

Key dates

02Disclosure timeline

November 10, 2025 CVE published

November 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12397 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2025-12397: SQL Injection in Looker Studio

01Description

02Disclosure timeline

03References

04Related CVE