QwikSec

Security Database

CVE

CWE

Training

CVE-2025-12397

Published: Nov 10, 2025

Modified: Nov 10, 2025

PUBLISHED

Description

A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source. This vulnerability was patched on 21 July 2025, and no customer action is needed.

Vendor	Product	Versions
Google Cloud	Looker Studio	affected `0 - < 2025-07-21`

Weaknesses (CWE)

References

https://cloud.google.com/support/bulletins#gcp-2025-053

https://www.tenable.com/security/research/tra-2025-28

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.