High severityNVD Advisory· Published Nov 10, 2025· Updated Apr 15, 2026

CVE-2025-12405

Description

An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors.

A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attached to the report.

This vulnerability was patched on 21 July 2025, and no customer action is needed.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cloud.google.com/support/bulletinsnvd
www.tenable.com/security/research/tra-2025-29nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000