CVE-2025-12414

20.11.2025, 15:17

An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.Looker-hosted and Self-hosted were found to be vulnerable.

This issue has already been mitigated for Looker-hosted.


Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.
The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page   https://download.looker.com/ :
  *  24.12.100+
  *  24.18.193+
  *  25.0.69+
  *  25.6.57+
  *  25.8.39+
  *  25.10.22+
  *  25.12.0+

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
GoogleCloud	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Common Weakness Enumeration

CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Vulnerability Media Exposure

[GERMAN] Google Cloud Platform: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Cloud Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Published: 2025-11-19T23:00:00+00:00

References

https://cloud.google.com/support/bulletins#GCP-2025-067