Race Condition Vulnerability in Looker by Google Cloud
CVE-2025-12472

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 19 November 2025

What is CVE-2025-12472?

A race condition vulnerability exists in Looker where an attacker with a Developer role could manipulate a LookML project to exploit a timing issue during the deletion of Git directories. This exploitation could allow arbitrary command execution on affected Looker instances. While Looker-hosted instances have been mitigated automatically, users of self-hosted versions should promptly upgrade to the latest versions identified, which have been patched to safeguard against this issue.

Affected Version(s)

Looker Looker-hosted 0 < 24.12.103

Looker Looker-hosted 0 < 24.18.195

Looker Looker-hosted 0 < 25.0.72

References

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RyotaK of GMO Flatt Security Inc.