Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-77vr-pq23-x7j9

Опубликовано: 25 нояб. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 7.5

Описание

A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters.

Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these.

Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :

  • 24.12.108+
  • 24.18.200+
  • 25.0.78+
  • 25.6.65+
  • 25.8.47+
  • 25.12.10+
  • 25.14+

A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters.

Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these.

Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :

  • 24.12.108+
  • 24.18.200+
  • 25.0.78+
  • 25.6.65+
  • 25.8.47+
  • 25.12.10+
  • 25.14+

Ссылки

EPSS

Процентиль: 20%
0.00065
Низкий

7.5 High

CVSS4

CVE ID

CVE-2025-12742

Дефекты

CWE-78

Связанные уязвимости

nvd логотип

CVE-2025-12742

nvd
3 месяца назад

A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.108+ * 24.18.200+ * 25.0.78+ * 25.6.65+ * 25.8.47+ * 25.12.10+ * 25.14+

EPSS

Процентиль: 20%
0.00065
Низкий

7.5 High

CVSS4

CVE ID

CVE-2025-12742

Дефекты

CWE-78