CVE-2025-12397
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-10

Last updated on: 2025-11-12

Assigner: GoogleCloud

Description
A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source. This vulnerability was patched on 21 July 2025, and no customer action is needed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-10
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12397
EUVD
EUVD-2025-44039
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
google looker_studio *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12397 is a critical SQL injection vulnerability in Google Cloud Platform's Looker Studio, specifically affecting reports that use BigQuery as the data source. A user with only report view access could inject malicious SQL commands that would execute with the report owner's permissions. This was possible due to improper sanitization of user-controlled input in the batchedDataV2 HTTP request, allowing attackers to craft specially formed JSON payloads that bypassed input restrictions and injected arbitrary SQL. This enabled attackers to execute SQL queries on behalf of the report owner, potentially compromising data confidentiality and integrity. [1]

Impact Analysis

This vulnerability can allow an attacker with only view-level access to a Looker Studio report to execute arbitrary SQL queries with the report owner's permissions. This can lead to unauthorized data exfiltration, modification, or deletion of any data accessible to the report owner. Essentially, it compromises the confidentiality, integrity, and availability of data within BigQuery or other affected data sources, potentially causing significant data breaches or loss. [1]

Detection Guidance

Detection involves monitoring Looker Studio's batchedDataV2 HTTP requests for suspicious or malformed JSON payloads that include injected SQL code, especially in dynamically generated column aliases. One approach is to capture and inspect network traffic to Looker Studio reports, looking for unusual JSON values that bypass normal restrictions (e.g., containing SQL keywords or scripting commands). Specific commands could include using network traffic capture tools like 'tcpdump' or 'Wireshark' to filter HTTP POST requests to Looker Studio endpoints, then analyzing the JSON payloads for suspicious patterns. However, no explicit detection commands are provided in the available resources. [1]

Mitigation Strategies

The vulnerability was patched by Google on 21 July 2025, and no customer action is needed. Therefore, the immediate mitigation step is to ensure that your Looker Studio environment is updated to the patched version released by Google. Additionally, monitoring for unusual activity related to Looker Studio reports with BigQuery data sources and restricting report view access to trusted users can help reduce risk until the patch is applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12397. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart