Google Looker SQL injection and RCE chain multiple vulnerabilities remote code execution flaw (CVE-2025-12743)
Vulnerability
Summary
Hide ▲
Show ▼
Researchers identified Google Looker flaws that could expose secrets, configurations, and cloud data, including possible cross-tenant access in GCP deployments. One issue is CVE-2025-12743, a SQL injection path into the internal database that stores protected data. The other is a chained RCE exploit that could run arbitrary code on a Looker server, and Google has since fixed both issues and directed on-prem customers to update to secure versions in GCP-2025-052.
Related Happenings
Google Dialogflow CX Code Blocks shared-runtime isolation security flaw
Vulnerability
H score32
First: 07.07.2026 19:37
Last: 07.07.2026 19:37
Sources 1
About this happening:
**Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...
Google Dialogflow CX Code Blocks shared-runtime isolation security flaw
VulnerabilityAbout this happening: **Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/Mitigation
H score38
First: 29.06.2026 10:06
Last: 29.06.2026 10:06
Sources 1
About this happening:
**NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/MitigationAbout this happening: **NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication
Technical Analysis
H score16
First: 21.05.2026 23:07
Last: 21.05.2026 23:07
Sources 1
About this happening:
Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...
Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication
Technical AnalysisAbout this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...
Cursor local SQLite secret-storage exposing credentials security flaw
Vulnerability
H score34
First: 29.04.2026 18:00
Last: 29.04.2026 18:00
Sources 1
About this happening:
A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...
Cursor local SQLite secret-storage exposing credentials security flaw
VulnerabilityAbout this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...
Unit 42 Zealot proves autonomous cloud attack chaining in GCP
Technical Analysis
H score28
First: 23.04.2026 13:00
Last: 23.04.2026 13:00
Sources 1
About this happening:
**Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...
Unit 42 Zealot proves autonomous cloud attack chaining in GCP
Technical AnalysisAbout this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...
Timeline
-
04.02.2026 13:00 2 articles · 5mo ago
Tenable discloses Looker SQL injection and RCE chain
Initial DisclosureOn 2026-02-04, Tenable researcher Liv Matan described two security flaws in Google Looker: CVE-2025-12743, a SQL injection path into Looker's internal database that stores user lists, secrets, and configurations, and a separate remote code execution chain that could run arbitrary code on a Looker server. The findings could let an attacker steal secrets and configurations, perform lateral movement inside the target environment, and, in Google Cloud Platform deployments, potentially reach other tenants' data.
Show sources
- Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00
- Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil — www.darkreading.com — 04.02.2026 13:00