Critical Vulnerabilities in Google Looker Enable Cross-Tenant RCE and Data Exfiltration
Summary
Researchers discovered two critical vulnerabilities in Google Looker, a business intelligence and data analytics platform used by over 60,000 companies. The first vulnerability, tracked as CVE-2025-12743, allows SQL injection to access sensitive internal databases containing user lists, secrets, and configurations. The second vulnerability enables remote code execution (RCE) on Looker servers, potentially allowing attackers to access highly sensitive data and perform lateral movement within compromised environments. In cloud deployments, this RCE could also facilitate access to other tenants' cloud environments and data. Google has patched these vulnerabilities, but organizations using on-premises deployments must manually update to secure versions, facing challenges such as system downtime, compatibility testing, and shadow IT issues.
Timeline
- 04.02.2026 13:00 (1 article)
  Critical Vulnerabilities in Google Looker Patched
  On February 4, 2026, researchers disclosed two critical vulnerabilities in Google Looker. The first vulnerability, CVE-2025-12743, allows SQL injection to access sensitive internal databases. The second vulnerability enables remote code execution (RCE) on Looker servers, potentially allowing attackers to access highly sensitive data and perform lateral movement. Google has patched these vulnerabilities, but organizations using on-premises deployments must manually update to secure versions.
  Sources:
  - Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00
Information Snippets
- Looker is a business intelligence and data analytics platform used by over 60,000 companies, including Wayfair, Coinbase, and Walmart.
  First reported: 04.02.2026 13:00 (1 source, 1 article). Sources:
  - Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00
- The first vulnerability, CVE-2025-12743, allows SQL injection to access Looker's internal database, which stores user lists, secrets, and configurations.
  First reported: 04.02.2026 13:00 (1 source, 1 article). Sources:
  - Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00
- The second vulnerability enables remote code execution (RCE) on Looker servers, potentially allowing attackers to access sensitive data and perform lateral movement.
  First reported: 04.02.2026 13:00 (1 source, 1 article). Sources:
  - Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00
- In cloud deployments, the RCE vulnerability could allow attackers to access other tenants' cloud environments and data.
  First reported: 04.02.2026 13:00 (1 source, 1 article). Sources:
  - Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00
- Google has patched the vulnerabilities, but on-premises deployments require manual updates.
  First reported: 04.02.2026 13:00 (1 source, 1 article). Sources:
  - Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00
- Organizations face challenges in updating Looker due to potential system downtime, compatibility testing, and shadow IT issues.
  First reported: 04.02.2026 13:00 (1 source, 1 article). Sources:
  - Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00