New 'LeakyLooker' Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
Source: The Hacker News
[Image: Looker Studio]
Cybersecurity researchers have disclosed nine cross‑tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims’ databases and exfiltrate sensitive data within organizations’ Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in the wild. Following responsible disclosure in June 2025, the issues have been addressed by Google.
List of Vulnerabilities
- Cross Tenant Unauthorized Access – Zero‑Click SQL Injection on Database Connectors
https://www.tenable.com/security/research/tra-2025-28 - Cross Tenant Unauthorized Access – Zero‑Click SQL Injection Through Stored Credentials
https://www.tenable.com/security/research/tra-2025-29 - Cross Tenant SQL Injection on BigQuery Through Native Functions
https://www.tenable.com/security/research/tra-2025-27 - Cross‑Tenant Data Sources Leak With Hyperlinks
https://www.tenable.com/security/research/tra-2025-40 - Cross Tenant SQL Injection on Spanner and BigQuery Through Custom Queries on a Victim’s Data Source
https://www.tenable.com/security/research/tra-2025-38 - Cross Tenant SQL Injection on BigQuery and Spanner Through the Linking API
https://www.tenable.com/security/research/tra-2025-37 - Cross‑Tenant Data Sources Leak With Image Rendering
https://www.tenable.com/security/research/tra-2025-30 - Cross‑Tenant XS Leak on Arbitrary Data Sources With Frame Counting and Timing Oracles
https://www.tenable.com/security/research/tra-2025-31 - Cross Tenant Denial of Wallet Through BigQuery
https://www.tenable.com/security/research/tra-2025-41
Impact and Exploitation Scenarios
Successful exploitation of the cross‑tenant flaws could enable threat actors to gain access to entire datasets and projects across different cloud tenants. Attackers might:
- Scan for public Looker Studio reports or obtain private ones that use connectors such as BigQuery, then seize control of the underlying databases and run arbitrary SQL queries across the owner’s GCP project.
- Leverage a logic flaw in the “copy report” feature: when a victim creates a public report (or shares it with a specific recipient) that uses a JDBC‑connected data source (e.g., PostgreSQL), an attacker can clone the report while retaining the original owner’s credentials, allowing deletion or modification of tables.
- Perform one‑click data exfiltration: sharing a specially crafted report forces the victim’s browser to execute malicious code that contacts an attacker‑controlled project, reconstructing entire databases from logs.
“The vulnerabilities broke fundamental design assumptions, revealed a new attack class, and could have allowed attackers to exfiltrate, insert, and delete data in victims’ services and Google Cloud environment,” said security researcher Liv Matan in a report shared with The Hacker News.
“These vulnerabilities exposed sensitive data across Google Cloud Platform (GCP) environments, potentially affecting any organization using Google Sheets, BigQuery, Spanner, PostgreSQL, MySQL, Cloud Storage, and almost any other Looker Studio data connector.”
“The vulnerabilities broke the fundamental promise that a ‘Viewer’ should never be able to control the data they are viewing,” Matan added, noting they “could have let attackers exfiltrate or modify data across Google services like BigQuery and Google Sheets.”