CVE-2025-12743: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Google Cloud Looker
The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT queries that are constructed and executed against the internal MySQL database. This vulnerability allows users with developer permissions to extract data from Looker's internal MySQL database. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect against this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :
* 24.12.106
* 24.18.198+
* 25.0.75
* 25.6.63+
* 25.8.45+
* 25.10.33+
* 25.12.1+
* 25.14+
AI Analysis
Technical Summary
CVE-2025-12743 is a SQL injection vulnerability classified under CWE-89 that impacts Google Cloud Looker, specifically in the endpoint responsible for generating new projects from database connections. The issue arises because the 'schemas' parameter is improperly sanitized, allowing attackers to inject malicious SQL commands into SELECT queries executed against Looker's internal MySQL database. The vulnerability is exacerbated by the ability to specify 'looker' as a connection name, which is reserved for Looker's internal database, thus enabling unauthorized access to internal data structures. This flaw requires the attacker to have developer-level permissions within Looker, limiting the attack surface but still posing a significant risk of data exfiltration from the internal database. Both Looker-hosted and self-hosted deployments were found vulnerable; however, Google has already mitigated this issue in Looker-hosted instances, requiring no user action there. Self-hosted instances remain at risk until upgraded to patched versions, which include 24.12.106, 24.18.198+, 25.0.75, 25.6.63+, 25.8.45+, 25.10.33+, 25.12.1+, and 25.14+. The vulnerability has a CVSS 4.0 base score of 6.0, indicating medium severity due to network attack vector, low attack complexity, and required privileges but no user interaction. No known exploits are currently reported in the wild.
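The fix pattern the advisory implies, written here as an added illustration and not Looker's own code: the reserved "looker" connection name is refused before any query is built, and each schema name must match a strict identifier pattern and is then bound as a query parameter rather than spliced into the SELECT text, so the schemas value cannot change the statement's structure. The identifier policy, the information_schema query and all function names are assumptions.

```python
import re
from typing import Iterable

# Assumed policy, not Looker's code: allow only the characters MySQL permits
# in unquoted identifiers and reject anything else instead of escaping it.
SCHEMA_NAME = re.compile(r"^[A-Za-z0-9_$]{1,64}$")

# Connection names the project-generation path must refuse; the advisory
# names "looker" as the reserved handle for the internal MySQL database.
RESERVED_CONNECTIONS = frozenset({"looker"})


class RejectedInput(ValueError):
    """A connection name or schema list failed validation."""


def check_connection_name(name: str) -> str:
    """Refuse the reserved internal connection, ignoring case and padding."""
    if name.strip().lower() in RESERVED_CONNECTIONS:
        raise RejectedInput(f"connection {name!r} is reserved")
    return name


def check_schemas(schemas: Iterable[str]) -> list[str]:
    """Return the schema names only if every one matches the identifier pattern."""
    names = list(schemas)
    bad = [s for s in names if not SCHEMA_NAME.match(s)]
    if bad or not names:
        raise RejectedInput(f"schema names rejected: {bad!r}")
    return names


def build_table_query(schemas: Iterable[str]) -> tuple[str, tuple[str, ...]]:
    """Build the schema-listing SELECT with one bound parameter per schema.

    The names never appear in the SQL text, so even a value that slipped
    past validation could not alter the statement's structure.
    """
    names = check_schemas(schemas)
    placeholders = ", ".join(["%s"] * len(names))  # MySQL DB-API style
    sql = ("SELECT table_schema, table_name FROM information_schema.tables "
           f"WHERE table_schema IN ({placeholders}) "
           "ORDER BY table_schema, table_name")
    return sql, tuple(names)


def is_valid_request(connection: str, schemas: Iterable[str]) -> bool:
    """True when the request passes both checks above."""
    try:
        check_connection_name(connection)
        check_schemas(schemas)
    except RejectedInput:
        return False
    return True
```

Pass the returned (sql, params) pair to the driver's cursor.execute so the driver, not string formatting, handles the values.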
Potential Impact
For European organizations using self-hosted Google Cloud Looker, this vulnerability poses a risk of unauthorized data disclosure from Looker's internal MySQL database. Since Looker is often used for business intelligence and analytics, sensitive corporate data, including internal metrics, user information, or proprietary analytics, could be exposed. The requirement for developer-level permissions reduces the likelihood of external attackers exploiting this vulnerability directly; however, insider threats or compromised developer accounts could lead to significant data breaches. The impact on confidentiality is high, while integrity and availability are less affected. Organizations relying on Looker for critical decision-making may face operational risks if sensitive data is leaked or manipulated. Compliance with GDPR and other European data protection regulations could be jeopardized if personal or sensitive data is exposed, leading to legal and financial consequences.
Mitigation Recommendations
European organizations operating self-hosted Looker instances must prioritize upgrading to the patched versions listed by Google immediately to remediate the vulnerability. Additionally, organizations should audit and restrict developer permissions to only trusted personnel, implement robust access controls, and monitor Looker logs for unusual query patterns that may indicate exploitation attempts. Employ network segmentation to isolate Looker internal databases from broader network access. Regularly review and update security policies around database connection naming conventions to prevent misuse of reserved names like 'looker'. Conduct internal penetration testing focusing on SQL injection vectors within Looker environments. Finally, ensure that incident response plans include scenarios involving insider threats and data exfiltration through BI tools.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GoogleCloud
- Date Reserved: 2025-11-05T10:51:12.658Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691df5b8cb9b476b7d56e485
Added to database: 11/19/2025, 4:52:08 PM
Last enriched: 11/19/2025, 5:08:03 PM
Last updated: 11/19/2025, 5:55:35 PM