CVE-2025-12155

HIGH

Google Cloud Looker Command Injection via User Deletion

Title source: llm

Description

A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.100+ * 24.18.192+ * 25.0.69+ * 25.6.57+ * 25.8.39+ * 25.10.22+

References (1)

Core 1

Core References

Various Sources

https://cloud.google.com/support/bulletins#gcp-2025-052

Scores

CVSS v4 7.1

EPSS 0.0117

EPSS Percentile 63.4%

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:Red

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (6)

Google Cloud/Looker < 24.12.100

Google Cloud/Looker < 24.18.192

Google Cloud/Looker < 25.0.69

Google Cloud/Looker < 25.10.22

Google Cloud/Looker < 25.6.57

Google Cloud/Looker < 25.8.39

Published Nov 10, 2025

Tracked Since Feb 18, 2026