{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-12414","assignerOrgId":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","state":"PUBLISHED","assignerShortName":"GoogleCloud","dateReserved":"2025-10-28T15:40:31.760Z","datePublished":"2025-11-20T10:32:52.463Z","dateUpdated":"2025-11-20T14:36:38.420Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Looker-hosted"],"product":"Looker","vendor":"Google Cloud","versions":[{"lessThan":"24.12.100","status":"affected","version":"0","versionType":"custom"},{"lessThan":"24.18.193","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.0.69","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.6.57","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.8.39","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.10.22","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.12.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Self-hosted"],"product":"Looker","vendor":"Google Cloud","versions":[{"lessThan":"24.12.100","status":"affected","version":"0","versionType":"custom"},{"lessThan":"24.18.193","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.0.69","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.6.57","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.8.39","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.10.22","status":"affected","version":"0","versionType":"custom"},{"lessThan":"25.12.0","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Sivanesh Ashok"},{"lang":"en","type":"finder","value":"Sreeram KL"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An attacker could take over a Looker account in a Looker instance 
configured with OIDC authentication, due to email address string normalization.<div><div>Looker-hosted and Self-hosted were found to be vulnerable.<br><br>This issue has already been mitigated for Looker-hosted.</div><div><br>Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.<br>The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  <a target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\">https://download.looker.com/</a>:<br><ul><li>24.12.100+</li><li>24.18.193+</li><li>25.0.69+</li><li>25.6.57+</li><li>25.8.39+</li><li>25.10.22+</li><li>25.12.0+<br></li></ul></div></div>"}],"value":"An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization. Looker-hosted and Self-hosted were found to be vulnerable.\n\nThis issue has already been mitigated for Looker-hosted.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. 
You can download these versions at the Looker download page   https://download.looker.com/ :\n  *  24.12.100+\n  *  24.18.193+\n  *  25.0.69+\n  *  25.6.57+\n  *  25.8.39+\n  *  25.10.22+\n  *  25.12.0+"}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":9.2,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-290","description":"CWE-290 Authentication Bypass by Spoofing","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","shortName":"GoogleCloud","dateUpdated":"2025-11-20T10:32:52.463Z"},"references":[{"url":"https://cloud.google.com/support/bulletins#GCP-2025-067"}],"source":{"discovery":"UNKNOWN"},"title":"Looker account compromise via punycode homograph attack","x_generator":{"engine":"Vulnogram 0.4.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-20T14:36:28.073782Z","id":"CVE-2025-12414","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-20T14:36:38.420Z"}}]}}