Vulnerability Database

318,206

Total vulnerabilities in the database

CVE-2025-12397

A SQL injection vulnerability was found in Looker Studio.

A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source.

This vulnerability was patched on 21 July 2025, and no customer action is needed.

Published: Nov 10, 2025
Updated: Nov 11, 2025
CVE: CVE-2025-12397
Exploit:

No technical information available.

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://cloud.google.com/support/bulletins#gcp-2025-053
https://www.tenable.com/security/research/tra-2025-28

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo