Looker vulnerability 2025-04-17

Published: 2025-04-17

Description

Description Severity Notes

A vulnerability in Looker allowed users with admin permissions (specifically: manage_project_connections_restricted) to read files from the underlying host filesystem and query internal network endpoints. This issue is now resolved, and no user action is required for Looker-hosted customers using Looker (Google Cloud core) and Looker (original). Self-hosted Looker instances are advised to update to the latest supported version.

This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page.

What should I do?

  • For all Looker-hosted instances, including both Looker (Google Cloud core) and Looker (original) instances, there are no actions you need to take.
  • For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect against this vulnerability. You can download these versions at the Looker download page:
    • 25.4 -> 25.4.29+
    • 25.2 -> 25.2.34+
    • 25.0 -> 25.0.55+
    • 24.18 -> 24.18.185+
    • 24.12 -> 24.12.95+
    • 24.6 -> 24.6.107+
Severity: High
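To check customer-hosted instances against the fixed builds listed above, the following added example (not part of the advisory and not Looker tooling) classifies version strings per release line. The hostnames and versions in the inventory are constructed, and it assumes you already collect each instance's version string in major.minor.build form from your own inventory.

```python
import re

# Minimum patched build per release line, copied from the advisory above.
PATCHED = {
    (25, 4): 29,
    (25, 2): 34,
    (25, 0): 55,
    (24, 18): 185,
    (24, 12): 95,
    (24, 6): 107,
}

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version):
    """Return the patch status of one Looker version string."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    line = (major, minor)
    if line in PATCHED:
        # Compare builds as integers: as strings, "99" would sort above "185".
        return "patched" if build >= PATCHED[line] else "vulnerable"
    if line > max(PATCHED):
        # Release line newer than any the advisory names; confirm separately.
        return "newer-line-unlisted"
    # The advisory names no fixed build for this line: move to a listed one.
    return "no-fix-listed"


def audit(inventory):
    """Map host -> (version, status) for a {host: version} inventory."""
    return {host: (ver, classify(ver)) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "looker-prod.example.internal": "25.4.29",
        "looker-stage.example.internal": "24.18.99",
        "looker-legacy.example.internal": "23.20.50",
    }
    for host, (ver, status) in audit(sample).items():
        print(f"{host:34} {ver:12} {status}")
```

Instances reported as vulnerable or no-fix-listed are the ones to upgrade first; unparseable entries need a manual look at the recorded version.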