Tenable Research has uncovered a series of security vulnerabilities in Google Looker Studio, dubbed "LeakyLooker," that allowed attackers to run arbitrary SQL queries on victims’ databases and exfiltrate sensitive data within organisations' Google Cloud environments.
The "LeakyLooker" research identified nine novel cross-tenant vulnerabilities. These vulnerabilities exposed sensitive data across Google Cloud environments, potentially affecting any organisation using Google Sheets, BigQuery, Spanner, PostgreSQL, MySQL, Cloud Storage, and almost any other Looker Studio data connector.
Looker Studio is designed to be highly flexible, providing live data and allowing users to connect to almost any data source. Achieving full tenant isolation while still serving live data is difficult, and the implementation can be flawed. Tenable researchers demonstrated how Looker Studio's "Live Data" architecture, designed for real-time report updates, served as an architectural Achilles' heel. Attackers could exploit this through 0-click (no victim interaction) and 1-click (victim opens a malicious website controlled by the attacker) vulnerabilities.
One highlighted finding is a "Sticky Credential" logic flaw in the "Copy Report" feature that allowed unauthorised users to clone reports while retaining the original owner's credentials, enabling them to delete or modify tables. Another high-impact path involved 1-click data exfiltration, where sharing a specially crafted report forced a victim's browser to execute malicious code that "pinged" an attacker-controlled project, allowing entire databases to be reconstructed from the resulting logs.
"The vulnerabilities broke the fundamental promise that a 'Viewer' should never be able to control the data they are viewing," said Liv Matan, Senior Research Engineer at Tenable. "Our discovery of 'LeakyLooker' vulnerabilities demonstrated a new attack surface that can be abused by attackers in cloud environments."
Following Tenable’s responsible disclosure, Google has patched all nine vulnerabilities globally. To prevent similar future exposures, it is recommended that organisations regularly review who has "View" access to both public and private reports, treat BI connectors as critical entry points to cloud infrastructure, and revoke Looker Studio’s access to any data connectors or services no longer in active use.
List of all nine vulnerabilities:
1. Cross Tenant Unauthorised Access - Zero-Click SQL Injection on Database Connectors - TRA-2025-28
2. Cross Tenant Unauthorised Access - Zero-Click SQL Injection through Stored Credentials - TRA-2025-29
3. Cross Tenant SQL Injection on BigQuery through Native Functions - TRA-2025-27
4. Cross Tenant Data Sources Leak with Hyperlinks - TRA-2025-40
5. Cross Tenant SQL injection on Spanner and BigQuery through Custom Queries on a Victim’s Data Source - TRA-2025-38
6. Cross Tenant SQL Injection on BigQuery and Spanner through the Linking API - TRA-2025-37
7. Cross Tenant Data Sources Leak with Image Rendering - TRA-2025-30
8. Cross Tenant XS Leak on Arbitrary Data Sources With Frame Counting and Timing Oracles - TRA-2025-31
9. Cross Tenant Denial of Wallet through BigQuery - TRA-2025-41