RCE in Google Cloud Looker
CVE-2025-12155
A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. …
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.012 (64.3th percentile) — read the EPSS interpretation.
Affected products
- Google Cloud Looker — versions 0