CVE-2025-12397
BaseFortify
Publication date: 2025-11-10
Last updated on: 2025-11-12
Assigner: GoogleCloud
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| Google | looker_studio | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12397 is a SQL injection vulnerability (CWE-89) in Looker Studio, Google Cloud's reporting product, affecting reports whose data source is BigQuery. A user with only View access to a report could inject SQL that ran with the report owner's permissions. The cause was insufficient sanitization of user-controlled values in the batchedDataV2 HTTP request that the Looker Studio client sends when it loads report data: a specially formed JSON payload could bypass the input restrictions, so values the server should have treated as data (the referenced source points to dynamically generated column aliases) were interpreted as SQL syntax. Because Looker Studio runs the resulting query against BigQuery with the report owner's credentials, the attacker's SQL executed with the owner's access, compromising the confidentiality and integrity of any data the owner can reach. [1]
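The bug class behind this CVE is a report-generated query that splices a viewer-controlled column alias into SQL text. The block below is an added illustration written for this page, not Looker Studio's code and not Google's fix (which is not public): it shows a query builder that trusts the alias, the alias an attacker would send, and a hardened builder that allow-lists identifiers before backtick-quoting them. The table and column names and the `MALICIOUS_ALIAS` string are constructed for the example.

```python
import re

# Constructed sample of a viewer-controlled column alias. The backtick closes
# the quoted identifier early, the rest is appended as live SQL, and the
# trailing comment marker swallows whatever the builder appends afterwards.
MALICIOUS_ALIAS = (
    "c` FROM `p.reports.sales` UNION ALL "
    "SELECT email FROM `p.hr.employees` --"
)


def build_query_vulnerable(table: str, column: str, alias: str) -> str:
    """Text concatenation: the alias is trusted as SQL syntax (CWE-89).

    Backtick quoting alone does not help, because BigQuery quoted identifiers
    accept backslash escapes and the attacker controls the closing backtick.
    """
    return f"SELECT `{column}` AS `{alias}` FROM `{table}`"


# One unquoted BigQuery identifier part. Hyphenated project IDs would need a
# separate, slightly wider pattern; aliases and columns never contain them.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,299}")


def is_valid_identifier(name: str) -> bool:
    """Allow-list check: letters, digits, underscore; no quotes, spaces, punctuation."""
    return _IDENT.fullmatch(name) is not None


def quote_identifier(name: str) -> str:
    """Validate, then quote. A rejected value never reaches the SQL string."""
    if not is_valid_identifier(name):
        raise ValueError(f"invalid identifier: {name!r}")
    return f"`{name}`"


def quote_table_path(path: str) -> str:
    """project.dataset.table, each part validated and quoted separately."""
    parts = path.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected project.dataset.table, got {path!r}")
    return ".".join(quote_identifier(p) for p in parts)


def build_query_hardened(table: str, column: str, alias: str) -> str:
    """Same query shape, but every viewer-influenced name passes the allow-list."""
    return (
        f"SELECT {quote_identifier(column)} AS {quote_identifier(alias)} "
        f"FROM {quote_table_path(table)}"
    )


if __name__ == "__main__":
    print(build_query_vulnerable("p.reports.sales", "region", MALICIOUS_ALIAS))
    print(build_query_hardened("p.reports.sales", "region", "Region"))
    try:
        build_query_hardened("p.reports.sales", "region", MALICIOUS_ALIAS)
    except ValueError as exc:
        print("rejected:", exc)
```

The general lesson is that identifiers cannot be parameterized the way values can (BigQuery query parameters bind values, not column or table names), so the only safe handling of a user-chosen alias is an allow-list of characters, or mapping the user's display label to a server-generated alias and applying the label only when rendering.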
How can this vulnerability impact me? :
An attacker with only View access to a Looker Studio report could execute arbitrary SQL with the report owner's permissions against the report's BigQuery data source. Anything the owner can read is exposed, including tables the report never displays, and if the owner's credentials permit DML or DDL the attacker can modify or delete data as well. In short, the confidentiality, integrity and availability of the owner's BigQuery data depended on who could view the report, and View access is often granted broadly through link or domain-wide sharing. The resulting BigQuery jobs run under the owner's identity, which also complicates attribution during an investigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Looker Studio is a Google-hosted service, so the batchedDataV2 request travels over TLS from the viewer's browser to Google, and the SQL is generated and executed on Google's side. Capturing traffic with tcpdump or Wireshark on your own network will not show the generated SQL, and the report owner's network never sees the viewer's request at all. The usable evidence is on the BigQuery side, where every query Looker Studio ran on the owner's behalf appears as a job under the owner's identity. Two places to look:

- BigQuery Data Access audit logs in Cloud Logging (BigQueryAuditMetadata jobChange events), which record the principal and the full query text and are enabled by default for BigQuery. A filter such as `resource.type="bigquery_project" AND protoPayload.metadata.jobChange.job.jobConfig.queryConfig.query:"UNION"` passed to `gcloud logging read` is a starting point.
- The INFORMATION_SCHEMA.JOBS views (for example `region-us.INFORMATION_SCHEMA.JOBS_BY_PROJECT`), which expose query text, user_email, labels and referenced_tables for recent jobs.

In either source, look for jobs issued through Looker Studio under a report owner's identity whose query text contains SQL comment markers (`--`, `/*`), UNION, stacked statements, or references to tables or INFORMATION_SCHEMA views the report does not use, and focus on the window before the 21 July 2025 fix. The referenced source itself provides no detection commands. [1]
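The following is an added example for this page, not tooling from the referenced source: it applies the heuristics above to BigQuery Data Access audit log entries exported as one JSON object per line. The field paths (`protoPayload.metadata.jobChange.job.jobConfig.queryConfig.query`, `.labels`, `authenticationInfo.principalEmail`) are those of the BigQueryAuditMetadata format; the `requestor: looker_studio` job label used to pick out Looker Studio jobs is an assumption to verify against jobs in your own project, and the three log entries are constructed for the example.

```python
import json
import re
from typing import Iterator, List, Optional, Set, Tuple

# Constructed sample entries in the shape of BigQueryAuditMetadata jobChange
# events, one per line. Entry 2 carries the kind of query an injected column
# alias would produce; entry 3 is an ordinary analyst job, not via Looker Studio.
SAMPLE_ENTRIES = "\n".join([
    json.dumps({"insertId": "1", "protoPayload": {
        "authenticationInfo": {"principalEmail": "owner@example.com"},
        "metadata": {"jobChange": {"job": {
            "jobName": "projects/p/jobs/job_a1",
            "jobConfig": {"labels": {"requestor": "looker_studio"},
                          "queryConfig": {"query":
                "SELECT region AS `Region`, SUM(sales) AS `Sales` "
                "FROM `p.reports.sales` GROUP BY 1"}}}}}}}),
    json.dumps({"insertId": "2", "protoPayload": {
        "authenticationInfo": {"principalEmail": "owner@example.com"},
        "metadata": {"jobChange": {"job": {
            "jobName": "projects/p/jobs/job_b2",
            "jobConfig": {"labels": {"requestor": "looker_studio"},
                          "queryConfig": {"query":
                "SELECT region AS `x` FROM `p.reports.sales` "
                "UNION ALL SELECT email FROM `p.hr.employees` -- `"}}}}}}}),
    json.dumps({"insertId": "3", "protoPayload": {
        "authenticationInfo": {"principalEmail": "analyst@example.com"},
        "metadata": {"jobChange": {"job": {
            "jobName": "projects/p/jobs/job_c3",
            "jobConfig": {"labels": {},
                          "queryConfig": {"query":
                "SELECT * FROM `p.hr.employees`"}}}}}}}),
])

# Assumed label that Looker Studio attaches to the BigQuery jobs it issues.
LOOKER_LABEL = ("requestor", "looker_studio")

# Fully qualified, backtick-quoted table references: `project.dataset.table`.
TABLE_REF = re.compile(r"`([A-Za-z0-9_-]+\.[A-Za-z0-9_]+\.[A-Za-z0-9_]+)`")

# Cheap textual indicators of SQL that a report-generated query would not contain.
_PATTERNS = [
    ("sql-comment", re.compile(r"--|/\*")),
    ("union", re.compile(r"\bUNION\b", re.I)),
    ("stacked-statement", re.compile(r";\s*\S")),
    ("information-schema", re.compile(r"INFORMATION_SCHEMA", re.I)),
    ("write-or-ddl", re.compile(
        r"\b(INSERT|UPDATE|DELETE|MERGE|DROP|CREATE|ALTER|EXPORT)\b", re.I)),
]


def iter_entries(text: str) -> Iterator[dict]:
    """Parse newline-delimited JSON log entries, skipping blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def job_of(entry: dict) -> Optional[dict]:
    """Return the jobChange.job object of an entry, or None for other events."""
    return (entry.get("protoPayload", {}).get("metadata", {})
            .get("jobChange", {}).get("job"))


def is_looker_studio_job(entry: dict) -> bool:
    job = job_of(entry)
    if not job:
        return False
    labels = job.get("jobConfig", {}).get("labels", {})
    return labels.get(LOOKER_LABEL[0]) == LOOKER_LABEL[1]


def suspicious_reasons(query: str, allowed_tables: Set[str]) -> List[str]:
    """List the indicators present in a query; empty list means nothing flagged."""
    reasons = [name for name, pat in _PATTERNS if pat.search(query)]
    unexpected = sorted(t for t in TABLE_REF.findall(query) if t not in allowed_tables)
    if unexpected:
        reasons.append("unexpected-table:" + ",".join(unexpected))
    return reasons


def scan(text: str, allowed_tables: Set[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (jobName, principal, reasons) for Looker Studio jobs that look injected."""
    hits = []
    for entry in iter_entries(text):
        if not is_looker_studio_job(entry):
            continue
        job = job_of(entry)
        query = job.get("jobConfig", {}).get("queryConfig", {}).get("query", "")
        reasons = suspicious_reasons(query, allowed_tables)
        if reasons:
            who = entry["protoPayload"]["authenticationInfo"]["principalEmail"]
            hits.append((job["jobName"], who, reasons))
    return hits


if __name__ == "__main__":
    # The allow-list is the set of tables the report's data sources legitimately use.
    for name, who, why in scan(SAMPLE_ENTRIES, {"p.reports.sales"}):
        print(name, who, ", ".join(why))
```

Feed it real data with `gcloud logging read 'resource.type="bigquery_project" AND protoPayload.metadata.jobChange.job.jobConfig.queryConfig.query:*' --format=json` (the output is a JSON array rather than one object per line, so adjust `iter_entries` accordingly), and build the allow-list from the tables your report data sources actually reference. The indicators are deliberately coarse; the high-value signal is the unexpected-table reason, since a viewer who has broken out of the alias will almost always aim the query at a table the report never touches.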
What immediate steps should I take to mitigate this vulnerability?
Looker Studio is a Google-hosted service, so there is nothing for customers to update: Google fixed the issue server-side on 21 July 2025 and no customer action was needed. The remaining work is retrospective and preventive. Review BigQuery audit logs for the period before the fix for jobs attributed to report owners whose query text does not match what their reports generate. Apply least privilege to the credentials a report uses: prefer Viewer's credentials or a dedicated service account scoped to the datasets the report needs over an owner identity with broad BigQuery access, so that a future flaw of this kind exposes only what the report itself can see. Finally, keep View sharing of reports backed by sensitive datasets scoped to the people who need them rather than link- or domain-wide. [1]