CVE-2025-12740: CWE-20 Improper Input Validation in Google Cloud Looker
CVE-2025-12740 is a high-severity vulnerability in Google Cloud Looker affecting both Looker-hosted and Self-hosted instances. It arises from improper input validation (CWE-20) in the IBM DB2 driver parameters, allowing a user with Developer role privileges to craft malicious LookML that triggers execution of arbitrary commands. While Looker-hosted instances have been automatically mitigated, Self-hosted deployments require urgent upgrades to patched versions (25.0.93+, 25.6.84+, 25.12.42+, 25.14.50+, or 25.16.44+).
AI Analysis
Technical Summary
CVE-2025-12740 is an Improper Input Validation (CWE-20) vulnerability in Google Cloud Looker that is reachable through the IBM DB2 database driver. A user holding the Developer role can create a database connection that uses the IBM DB2 driver and supply LookML parameters that Looker does not filter sufficiently; those parameters can cause arbitrary commands to run on the Looker server, compromising the system's confidentiality, integrity, and availability. Both Looker-hosted and Self-hosted instances are affected. Google has already mitigated Looker-hosted environments, so no customer action is needed there; Self-hosted instances remain vulnerable until upgraded to patched versions starting from 25.0.93. The CVSS 4.0 score of 7.7 (high severity) reflects a network attack vector, high attack complexity, the privileges of a Developer-role account, no user interaction, and high impact on confidentiality, integrity, and availability. Because an authenticated developer-level account is required, the exploitation scope is limited, but the risk remains significant if such accounts are compromised or misused. No public exploit has been reported, but the possibility of command execution makes prompt remediation critical.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially to those running Self-hosted Looker instances integrated with IBM DB2 databases. Successful exploitation can lead to unauthorized command execution on the Looker server, potentially resulting in data breaches, data manipulation, service disruption, or lateral movement within the network. Confidential business intelligence data and analytics workflows could be compromised, affecting decision-making and operational continuity. Organizations in sectors such as finance, manufacturing, and government that rely heavily on Looker for analytics and on IBM DB2 for database management are particularly exposed. The Developer role requirement narrows the attack surface but does not eliminate risk, particularly where insider threats or compromised developer credentials exist. Loss of availability could disrupt critical reporting and analytics services, while integrity and confidentiality breaches could lead to regulatory non-compliance under GDPR and other European data protection laws.
Mitigation Recommendations
European organizations should immediately verify whether they operate Self-hosted Looker instances with IBM DB2 drivers and upgrade them to the patched versions listed (25.0.93+, 25.6.84+, 25.12.42+, 25.14.50+, or 25.16.44+). Restrict Developer role assignments strictly to trusted personnel and enforce strong authentication and monitoring for those accounts. Use network segmentation to limit access to Looker servers and their database connectivity. Enable detailed logging and alerting on LookML changes and on the creation of database connections so that suspicious activity is detected early. Audit user roles and permissions within Looker regularly. Additionally, consider runtime application self-protection (RASP) or a web application firewall (WAF) capable of detecting and blocking anomalous command execution attempts. Finally, ensure incident response plans cover a Looker compromise scenario and run tabletop exercises to prepare for potential exploitation.
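As an added example (it is not part of this advisory and not Google or Looker tooling), the Python script below turns the first recommendation into a repeatable check: it compares a Self-hosted Looker version string against the fixed builds listed above, branch by branch, and ranks a constructed inventory of instances by urgency, placing unpatched instances that have an IBM DB2 connection first. The version floors come from this advisory; the inventory, the hostnames, the "db2" dialect label and the priority scheme are assumptions made for the example.

```python
"""Branch-aware patch check for CVE-2025-12740 on self-hosted Looker.

Added example; fixed builds are the ones listed in the advisory
(25.0.93+, 25.6.84+, 25.12.42+, 25.14.50+, 25.16.44+).
"""
from __future__ import annotations

import re
from typing import Dict, List, Tuple

# Minimum patched build per release branch (major.minor), from the advisory.
# Looker version strings are assumed to have the MAJOR.MINOR.BUILD shape
# the advisory uses.
FIXED_BUILDS: Dict[Tuple[int, int], int] = {
    (25, 0): 93,
    (25, 6): 84,
    (25, 12): 42,
    (25, 14): 50,
    (25, 16): 44,
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Return (major, minor, build) for strings such as '25.12.42' or
    '25.12.42-rc1'; raise ValueError for anything that does not match."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Looker version string: {version!r}")
    major, minor, build = (int(x) for x in m.groups())
    return major, minor, build


def patch_status(version: str) -> str:
    """Classify a version as 'patched', 'vulnerable' or 'unknown-branch'.

    A branch older than the oldest fixed branch is treated as vulnerable.
    Branches the advisory does not list (e.g. 25.8.x, or anything newer
    than 25.16) are reported as 'unknown-branch' so they are checked by
    hand rather than silently assumed safe.
    """
    major, minor, build = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_BUILDS:
        return "patched" if build >= FIXED_BUILDS[branch] else "vulnerable"
    if branch < min(FIXED_BUILDS):
        return "vulnerable"
    return "unknown-branch"


# Constructed inventory of self-hosted instances. 'dialects' lists the
# database dialects configured on each instance; "db2" is the constructed
# label for the IBM DB2 driver the advisory names as the trigger.
SAMPLE_INVENTORY: List[dict] = [
    {"host": "looker-fin.example.internal", "version": "25.12.41", "dialects": ["db2", "postgres"]},
    {"host": "looker-mfg.example.internal", "version": "25.14.50", "dialects": ["db2"]},
    {"host": "looker-dev.example.internal", "version": "25.8.3", "dialects": ["bigquery"]},
    {"host": "looker-old.example.internal", "version": "24.20.10", "dialects": ["db2"]},
]


def triage(inventory: List[dict]) -> List[dict]:
    """Return instances ordered by urgency (assumed scheme): unpatched
    instances with a DB2 connection first, then unpatched without DB2,
    then unknown branches, then patched instances."""
    rows = []
    for inst in inventory:
        status = patch_status(inst["version"])
        uses_db2 = "db2" in inst["dialects"]
        if status == "vulnerable" and uses_db2:
            priority = 0
        elif status == "vulnerable":
            priority = 1
        elif status == "unknown-branch":
            priority = 2
        else:
            priority = 3
        rows.append({
            "host": inst["host"],
            "version": inst["version"],
            "status": status,
            "uses_db2": uses_db2,
            "priority": priority,
        })
    return sorted(rows, key=lambda r: (r["priority"], r["host"]))


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        flag = "DB2" if row["uses_db2"] else "   "
        print(f"P{row['priority']} {flag} {row['host']:<32} {row['version']:<10} {row['status']}")
```

Instances on a branch the advisory does not list are deliberately not reported as patched; confirm those against the vendor's release notes before closing the ticket.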
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GoogleCloud
- Date Reserved: 2025-11-05T10:44:47.390Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69244dd2911d225366056a77
Added to database: 11/24/2025, 12:21:38 PM
Last enriched: 12/1/2025, 1:18:41 PM
Last updated: 1/8/2026, 6:04:44 PM
Views: 62