RCE in Google Cloud Looker

CVE-2025-12155

A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. …

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.012 (64.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References