Looker OIDC Authentication Account Takeover Vulnerability

Vulnerability

A vulnerability allowing account takeover has been identified in Looker instances that use OIDC authentication. The issue arises from improper normalization of email address strings during authentication. Both Looker-hosted and self-hosted instances were initially vulnerable; the problem has been mitigated for Looker-hosted instances, while self-hosted instances need to be upgraded promptly to address it.

Impact

Exploitation of this vulnerability allows an attacker to take over a Looker account.

Remediation

Self-hosted Looker instances should be upgraded to version 24.12.100, 24.18.193, 25.0.69, 25.6.57, 25.8.39, 25.10.22, or 25.12.0.
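The advisory attributes the takeover to inconsistent email string normalization in the OIDC login path. The following is an added illustration, not Looker's code and not a description of Looker's actual defect: it contrasts the general anti-pattern (selecting the local account by a loosely normalized email claim) with a defensive pattern that links accounts on the stable (iss, sub) pair from the ID token and accepts the email claim only when it is marked verified and survives a single strict canonicalization. The account tables, issuer URL, and canonicalization policy are constructed assumptions for the example.

```python
"""Defensive OIDC account-linking example (added illustration, not Looker's code).

Accounts are keyed on the (iss, sub) pair from the ID token; the email claim
is only used to confirm a pre-provisioned match, never to choose the account.
"""
import re
import unicodedata
from typing import Optional, Tuple

# Constructed sample directory: (issuer, subject) -> local account id
LINKED_ACCOUNTS = {
    ("https://idp.example.com", "user-001"): "alice",
}

# Constructed local account table: local id -> canonical email on record
LOCAL_EMAILS = {
    "alice": "alice@example.com",
    "admin": "admin@example.com",
}

_LOCAL_PART = re.compile(r"^[A-Za-z0-9._%+-]+$")
_DOMAIN = re.compile(r"^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def canonical_email(raw) -> Optional[str]:
    """Return one canonical form for an email claim, or None if it is unsafe.

    Policy (an assumption of this example, not a standard):
      - the string must already be NFKC-stable and pure ASCII (no compatibility
        characters or homoglyphs that could collapse onto another address)
      - no whitespace or control characters anywhere
      - exactly one '@', with a validated local part and domain
      - lowercase both halves so every code path compares the same string
    """
    if not isinstance(raw, str) or not raw:
        return None
    if unicodedata.normalize("NFKC", raw) != raw or not raw.isascii():
        return None
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        return None
    if raw.count("@") != 1:
        return None
    local, domain = raw.split("@")
    if not _LOCAL_PART.match(local) or not _DOMAIN.match(domain):
        return None
    return f"{local.lower()}@{domain.lower()}"


def naive_resolve(claims: dict) -> Optional[str]:
    """Anti-pattern (illustrative only): pick the account by email alone,
    normalizing loosely at lookup time. Any difference between this
    normalization and the one applied when the record was created lets
    distinct input strings resolve to the same local account."""
    email = (claims.get("email") or "").strip().lower()
    for account, known in LOCAL_EMAILS.items():
        if known.lower() == email:
            return account
    return None


def resolve_login(claims: dict) -> Tuple[Optional[str], str]:
    """Hardened pattern: map verified ID-token claims to a local account.

    Returns (account_id, reason). Linking happens only on (iss, sub); the
    email claim must be verified by the IdP, canonicalize cleanly, and match
    the canonical email already on record for that linked account.
    """
    iss, sub = claims.get("iss"), claims.get("sub")
    if not iss or not sub:
        return None, "missing iss/sub"
    account = LINKED_ACCOUNTS.get((iss, sub))
    if account is None:
        return None, "unknown subject; explicit provisioning required"
    if claims.get("email_verified") is not True:
        return None, "email not verified by IdP"
    email = canonical_email(claims.get("email"))
    if email is None:
        return None, "email claim failed canonicalization"
    if email != LOCAL_EMAILS.get(account):
        return None, "email claim does not match linked account"
    return account, "ok"


if __name__ == "__main__":
    good = {"iss": "https://idp.example.com", "sub": "user-001",
            "email": "Alice@Example.com", "email_verified": True}
    print(resolve_login(good))                      # ('alice', 'ok')
    print(naive_resolve({"email": " ADMIN@example.com "}))  # 'admin'
    print(resolve_login({"iss": "https://idp.example.com", "sub": "user-999",
                         "email": " ADMIN@example.com ", "email_verified": True}))
```

The point of the contrast is not the particular normalization chosen but that there is exactly one of it, applied before any comparison, and that it never decides which account a login lands in; the subject identifier does. Logging the `reason` string on every refused login also gives detection a cheap signal for email claims that repeatedly fail canonicalization.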

Added: Nov 20, 2025, 3:49 PM
Updated: Nov 20, 2025, 3:49 PM

Vulnerability Rating

Custom Algorithm

  spread: 0.0
  impact: 5.0
  exploitability: 7.4
  remediation: 7.7
  relevance: 1.1
  threat: 0.0
  urgency: 5.7
  incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.