CVE-2025-12743 is an SQL injection vulnerability classified under CWE-89 found in Google Cloud Looker, specifically in the endpoint responsible for generating new projects from database connections. The flaw arises because the 'schemas' parameter is improperly sanitized, allowing attackers to inject malicious SQL commands into SELECT queries executed against Looker's internal MySQL database. The vulnerability is triggered when a user specifies 'looker' as the connection name, which is a reserved internal identifier for Looker's own database. This enables users with developer permissions to extract sensitive data from the internal database, potentially exposing configuration or operational data. Both Looker-hosted and self-hosted deployments were initially vulnerable; however, Google Cloud has already mitigated the issue in hosted environments, requiring no user action. Self-hosted instances remain at risk unless upgraded to patched versions, which include releases 24.12.106, 24.18.198+, 25.0.75, 25.6.63+, 25.8.45+, 25.10.33+, 25.12.1+, and 25.14+. The vulnerability has a CVSS 4.0 base score of 6.0, indicating medium severity, with an attack vector of network, low attack complexity, and requiring privileges at the developer level but no user interaction. The vulnerability impacts confidentiality by allowing unauthorized data extraction but does not affect integrity or availability. No known exploits have been reported in the wild, and the issue was publicly disclosed on November 19, 2025.

For European organizations, the primary impact of CVE-2025-12743 is unauthorized data disclosure from Looker's internal MySQL database, which may contain sensitive configuration, metadata, or operational information. This could lead to further reconnaissance or targeted attacks if attackers gain developer-level access. The vulnerability does not directly compromise data integrity or availability but poses a confidentiality risk. Organizations using self-hosted Looker instances are at higher risk, especially if they have not applied the patches. Since Looker is commonly used for business intelligence and data analytics, exposure of internal data could undermine trust, violate data protection regulations such as GDPR, and lead to compliance issues. The requirement for developer permissions limits the attack surface but insider threats or compromised developer accounts could exploit this vulnerability. Given the lack of known exploits in the wild, the immediate risk is moderate but could escalate if exploit code becomes available.

European organizations should immediately verify whether they operate self-hosted Looker instances and upgrade to the patched versions listed (24.12.106, 24.18.198+, 25.0.75, 25.6.63+, 25.8.45+, 25.10.33+, 25.12.1+, 25.14+). Restrict developer permissions strictly to trusted personnel and implement robust access controls and monitoring to detect unusual query patterns or data access. Employ network segmentation to limit access to Looker internal databases and enforce least privilege principles. Regularly audit Looker configurations and logs for signs of attempted exploitation. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the schemas parameter. Additionally, integrate Looker security updates into the organization's patch management lifecycle to ensure timely remediation of future vulnerabilities.