CVE-2025-12414

216.73.216.31

· Published 20/11/2025 15:17 · Modified 21/11/2025 15:13

Labels: CVE-2025-12414 2025-11-20 CVE-2025-12414 CWE-290 f45cbf4e-4146-4068-b7e1-655ffc2c548c

Essential information

Published: 20/11/2025 15:17
Modified: 21/11/2025 15:13
Author: —
Creator: —
CVSS: 9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.100+ * 24.18.193+ * 25.0.69+ * 25.6.57+ * 25.8.39+ * 25.10.22+ * 25.12.0+

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: f45cbf4e-4146-4068-b7e1-655ffc2c548c
NVD: View on NVD

CVE-2025-12414

Essential information

CVSS metrics

Description

NVD status

References