Looker Denodo Driver Database Connection Vulnerability Allowing Command Execution

Vulnerability

A vulnerability exists in Looker self-hosted instances, where a user with a Developer role can create a database connection using the Denodo driver. By manipulating LookML, the user could cause Looker to execute a malicious command. This issue has been mitigated in Looker-hosted instances, but self-hosted instances need to be upgraded as soon as possible.

Impact

Exploitation allows for the execution of malicious commands on the Looker instance.

Remediation

Self-hosted Looker instances should be upgraded to version 24.12.108+, 24.18.200+, 25.0.78+, 25.6.65+, 25.8.47+, 25.12.10+ or 25.14. Versions prior to 24.12.108, 24.18.200, 25.0.78, 25.6.65, 25.8.47, 25.12.10 and 25.14 are vulnerable.
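To apply the version list above to an inventory of self-hosted instances, the following added example (not part of the advisory) flags each version that is below the fixed release for its branch. The branch minimums are taken from the remediation text; treating a branch below 25.14 that has no listed fix as vulnerable is an assumption made here.

```python
"""Flag self-hosted Looker versions below the fixed release for their branch.
Added example; the fix levels come from the advisory's remediation section."""

# Minimum fixed patch level per Looker release branch: (major, minor) -> patch.
FIXED_PATCH = {
    (24, 12): 108,
    (24, 18): 200,
    (25, 0): 78,
    (25, 6): 65,
    (25, 8): 47,
    (25, 12): 10,
}
# The advisory lists 25.14 as fixed without a patch level: that branch and
# anything newer is treated as fixed.
FIXED_FROM_BRANCH = (25, 14)


def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple of ints; patch defaults to 0."""
    parts = text.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Looker version: {text!r}")
    nums = [int(p) for p in parts]
    if len(nums) == 2:
        nums.append(0)
    return tuple(nums)


def is_vulnerable(text):
    """Return True if the version is below the fixed release for its branch."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch >= FIXED_FROM_BRANCH:
        return False
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    # Assumption: a branch below 25.14 with no listed fix (e.g. 24.16 or 25.13)
    # has no patched release in the advisory and is treated as vulnerable.
    return True


def triage(versions):
    """Map each version string to 'vulnerable' or 'fixed' for an inventory."""
    return {v: ("vulnerable" if is_vulnerable(v) else "fixed") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory of self-hosted instances.
    sample = ["24.12.107", "24.12.108", "24.18.199", "25.0.78", "25.13.2", "25.14"]
    for version, status in triage(sample).items():
        print(f"{version:>10}  {status}")
```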

Added: Nov 24, 2025, 12:18 PM
Updated: Nov 24, 2025, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact         10.0
exploitability  5.2
remediation     7.7
relevance       1.2
threat          0.0
urgency        10.0
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.