CVE-2025-12472
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: GoogleCloud
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| looker | looker | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with a Looker Developer role to manipulate a LookML project and exploit a race condition during the deletion of a Git directory. This exploitation can lead to arbitrary command execution on the Looker instance, potentially compromising the system.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker to execute arbitrary commands on the Looker instance, which may lead to unauthorized access, data compromise, or disruption of services. Self-hosted instances are at risk unless upgraded to patched versions, while Looker-hosted instances have already been mitigated.
What immediate steps should I take to mitigate this vulnerability?
For Looker-hosted instances, no user action is required as the issue has already been mitigated. For self-hosted instances, you should upgrade to one of the patched versions as soon as possible. The patched versions are 24.12.103+, 24.18.195+, 25.0.72+, 25.6.60+, 25.8.42+, and 25.10.22+. These versions can be downloaded from the Looker download page at https://download.looker.com/.