Medium

Authorization bypass and SQL injection in Google Looker internal database project generation

Identifiers: CVE-2025-12743 · CWE-89 (Improper Neutralization of Special…)

CVE-2025-12743 affects Google Looker’s endpoint for generating new projects from database connections. The endpoint improperly allows a user to specify a reserved internal connection name for Looker’s internal MySQL database (described as "looker" in the vendor bulletin; related research also references the internal connection name looker__ilooker). By tampering with the connection parameter, a user with developer permissions can bypass intended restrictions and attach a project to Looker’s internal metadata database. The schemas parameter is then vulnerable to SQL injection, allowing manipulation of SELECT queries executed against that internal MySQL database. Supporting research further indicates the internal database stores Looker metadata, users, and permissions, and that exfiltration can be performed through LookML data-test/error-based query techniques. The issue affects both Looker-hosted and self-hosted deployments, though Google states hosted instances have already been mitigated.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a developer-level attacker to read data from Looker’s internal MySQL database, including sensitive instance metadata and potentially the user and permission information Looker maintains internally. For this CVE the issue is primarily unauthorized data access and exfiltration rather than direct code execution. In self-hosted environments, compromise of internal metadata can facilitate follow-on abuse, privilege mapping, and broader internal compromise. In hosted environments, the vendor states the issue has already been mitigated.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure in three ways: restrict developer permissions to trusted administrators and developers only; monitor and review LookML project creation and modification activity; and inspect project-generation requests that reference reserved/internal connection names or carry anomalous schemas values. Where feasible, limit access paths to administrative/developer interfaces and monitor for SQL error-based exfiltration patterns against internal database connections. These are temporary risk-reduction measures only; patching is required.
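The request-inspection step above, worked as an added example (this is not Mallory’s, Google’s or Tenable’s code). It scans constructed JSON-lines audit events for project-generation requests that name a reserved internal connection or pass a schemas value that is not a plain identifier. The event field names (`action`, `connection`, `schemas`), the `project_generate` action label and the identifier rule for schema names are assumptions; map them onto whatever your Looker audit or proxy logs actually emit.

```python
import json
import re

# Internal connection names cited in the advisory text (vendor bulletin: "looker";
# related research: "looker__ilooker"). Extend this set for your own instance.
RESERVED_CONNECTIONS = {"looker", "looker__ilooker"}

# Assumption: a legitimate schema name is a plain identifier. Anything else is anomalous;
# the second pattern only labels *why* (SQL tokens vs. other characters).
IDENTIFIER = re.compile(r"^[A-Za-z0-9_]{1,64}$")
SQL_TOKENS = re.compile(
    r"""--|/\*|[;'"]|\b(union|select|sleep|benchmark|extractvalue|updatexml)\b""",
    re.IGNORECASE,
)


def analyze_event(event: dict) -> list[str]:
    """Return findings for one project-generation event; an empty list means clean."""
    findings = []
    connection = str(event.get("connection", "")).strip().lower()
    if connection in RESERVED_CONNECTIONS:
        findings.append(f"reserved internal connection referenced: {connection!r}")
    schemas = event.get("schemas", [])
    if isinstance(schemas, str):          # tolerate a single value as well as a list
        schemas = [schemas]
    for schema in schemas:
        schema = str(schema)
        if not IDENTIFIER.match(schema):
            reason = "SQL tokens" if SQL_TOKENS.search(schema) else "non-identifier characters"
            findings.append(f"anomalous schemas value ({reason}): {schema!r}")
    return findings


def scan_log(lines) -> list[tuple[dict, list[str]]]:
    """Parse JSON-lines events, keep project-generation ones, return (event, findings) hits."""
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue                      # malformed line: skip rather than crash the scan
        if event.get("action") != "project_generate":   # assumed action label
            continue
        findings = analyze_event(event)
        if findings:
            hits.append((event, findings))
    return hits


# Constructed sample events (not real Looker log output).
SAMPLE_LOG = """
{"ts": "2025-11-01T10:00:00Z", "user": "dev1", "action": "project_generate", "connection": "warehouse_prod", "schemas": ["sales", "finance"]}
{"ts": "2025-11-01T10:05:00Z", "user": "dev2", "action": "project_generate", "connection": "looker", "schemas": ["users"]}
{"ts": "2025-11-01T10:07:00Z", "user": "dev2", "action": "project_generate", "connection": "warehouse_prod", "schemas": ["sales' UNION SELECT 1 -- "]}
{"ts": "2025-11-01T10:09:00Z", "user": "dev3", "action": "login"}
"""

if __name__ == "__main__":
    for event, findings in scan_log(SAMPLE_LOG.splitlines()):
        print(event["ts"], event["user"], "->", "; ".join(findings))
```

Run as a script it prints the two flagged events (the reserved connection name and the non-identifier schema). The connection check is exact-match after trimming and lowercasing; if your instance exposes further internal connection names, add them to `RESERVED_CONNECTIONS` rather than loosening the identifier rule.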

Remediation

Patch, then assume compromise.

Upgrade self-hosted Looker to a patched release immediately. The vendor states fixes are available in supported self-hosted versions including 24.12.106, 24.18.198+, 25.0.75, 25.6.63+, 25.8.45+, 25.10.33+, 25.12.1+, and 25.14+. Supporting Tenable research gives later fixed builds for several release trains: 24.18.209+, 25.0.89+, 25.6.79+, 25.10.54+, 25.12.30+, with 25.14+ unaffected. For managed Looker-hosted instances, Google states the issue has already been mitigated and no customer action is required there.
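A version assessment against the two fixed-version lists above, as an added example (not code from Mallory, Google or Tenable). It parses a self-hosted Looker version string, finds its release train, and reports whether the build is at or above the minimum fixed build for that train. Assumptions: a listed build and everything above it in the same train is fixed; 25.14 and later are unaffected; a train that neither list mentions is reported as unknown rather than safe; and in conservative mode the higher of the vendor and Tenable figures is used where they disagree.

```python
import re

# Minimum fixed build per release train, taken from the vendor list quoted above.
VENDOR_MINIMUMS = {
    (24, 12): (24, 12, 106),
    (24, 18): (24, 18, 198),
    (25, 0): (25, 0, 75),
    (25, 6): (25, 6, 63),
    (25, 8): (25, 8, 45),
    (25, 10): (25, 10, 33),
    (25, 12): (25, 12, 1),
}

# Later fixed builds from the Tenable research quoted above (only trains it mentions).
TENABLE_MINIMUMS = {
    (24, 18): (24, 18, 209),
    (25, 0): (25, 0, 89),
    (25, 6): (25, 6, 79),
    (25, 10): (25, 10, 54),
    (25, 12): (25, 12, 30),
}

UNAFFECTED_FROM = (25, 14)   # 25.14+ is listed as unaffected


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract major.minor.build from a version string; missing build defaults to 0."""
    parts = re.findall(r"\d+", text)
    if len(parts) < 2:
        raise ValueError(f"not a Looker version string: {text!r}")
    nums = [int(p) for p in parts[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def minimums(conservative: bool) -> dict:
    """Per-train minimum fixed build; conservative mode takes the higher of both sources."""
    table = dict(VENDOR_MINIMUMS)
    if conservative:
        for train, build in TENABLE_MINIMUMS.items():
            table[train] = max(table.get(train, build), build)
    return table


def assess(text: str, conservative: bool = True) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one self-hosted Looker version."""
    version = parse_version(text)
    train = version[:2]
    if train >= UNAFFECTED_FROM:
        return "fixed"
    table = minimums(conservative)
    if train not in table:
        return "unknown"        # train not covered by either list: do not assume safe
    return "fixed" if version >= table[train] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory of self-hosted instances.
    for host, ver in [("bi-a", "25.6.62"), ("bi-b", "24.18.198"), ("bi-c", "25.14.0"), ("bi-d", "24.2.10")]:
        print(f"{host:6} {ver:10} vendor={assess(ver, conservative=False):10} conservative={assess(ver)}")
```

The two sources disagree on several trains, so the default is the conservative reading; a build such as 24.18.198 is fixed by the vendor list but still vulnerable by the Tenable figure, and the example reports it that way until the instance is on 24.18.209 or later.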
Exploits

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
