216.73.217.139

CVE-2025-12740

· Published 24/11/2025 12:15 · Modified 25/11/2025 22:16

Labels: CVE-2025-12740 2025-11-24CVE-2025-12740CWE-20f45cbf4e-4146-4068-b7e1-655ffc2c548c

Essential information

Published
24/11/2025 12:15
Modified
25/11/2025 22:16
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 25.0.93+ * 25.6.84+ * 25.12.42+ * 25.14.50+ * 25.16.44+

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
f45cbf4e-4146-4068-b7e1-655ffc2c548c
NVD
View on NVD

References