Google Looker Studio's 'LeakyLooker' Flaws Expose Cross-Tenant Data Risks
#Vulnerabilities


Security Reporter

Nine critical vulnerabilities in Google Looker Studio could have allowed attackers to execute arbitrary SQL queries across tenant boundaries, potentially exposing sensitive data from BigQuery, Spanner, and other database connectors.

Google's Looker Studio, a popular business intelligence and data visualization platform, has been found to contain nine critical cross-tenant vulnerabilities collectively dubbed "LeakyLooker" by Tenable researchers. These flaws, disclosed responsibly in June 2025 and subsequently patched by Google, could have enabled attackers to execute arbitrary SQL queries across organizational boundaries within Google Cloud environments, potentially exposing sensitive data from multiple database connectors including BigQuery, Spanner, PostgreSQL, MySQL, and Google Sheets.

The Scope of the Vulnerability

The LeakyLooker flaws represent a fundamental breach of tenant isolation principles in cloud computing. According to security researcher Liv Matan, these vulnerabilities "broke fundamental design assumptions, revealed a new attack class, and could have allowed attackers to exfiltrate, insert, and delete data in victims' services and Google Cloud environment." The issues affected any organization using Looker Studio's data connectors, potentially exposing entire datasets and projects across different cloud tenants.

Technical Breakdown of the Flaws

The nine vulnerabilities discovered fall into several categories:

Cross-Tenant SQL Injection Vulnerabilities: Multiple flaws allowed attackers to inject SQL through several entry points, including database connectors, stored credentials, native functions, custom queries, and the linking API. These vulnerabilities affected both BigQuery and Spanner, two of Google Cloud's most widely used managed database services.
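The class of bug described above, where a value a report viewer controls ends up spliced into a data source's custom query, is easy to see in miniature. The following is an added illustration written for this article, not Tenable's proof of concept or any Looker Studio code; it uses SQLite from the Python standard library as a stand-in for BigQuery (an assumption, since BigQuery's query surface differs), with a constructed schema in which the report is meant to show only the sales table:

```python
"""Added illustration (not Tenable's PoC or Looker Studio code): a viewer-controlled
filter value reaching a data source's custom SQL unparameterized lets the viewer
read data the report never exposed. SQLite stands in for BigQuery (assumption);
the tables and rows below are constructed sample data."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample: the table the report is meant to show, plus a second
    table in the same project that a viewer should never be able to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE sales (region TEXT, amount INTEGER);
        INSERT INTO sales VALUES ('emea', 100), ('apac', 250);
        CREATE TABLE customer_pii (email TEXT, ssn TEXT);
        INSERT INTO customer_pii VALUES ('alice@example.com', '123-45-6789');
        """
    )
    return conn


def query_vulnerable(conn: sqlite3.Connection, region: str) -> list:
    """'Custom query' built by string interpolation: the viewer's filter value
    becomes part of the SQL text, so the viewer is now writing the query."""
    sql = f"SELECT region, amount FROM sales WHERE region = '{region}'"
    return conn.execute(sql).fetchall()


def query_hardened(conn: sqlite3.Connection, region: str) -> list:
    """Same query with a bound parameter: the filter value is only ever compared
    as data and is never parsed as SQL, whatever it contains."""
    sql = "SELECT region, amount FROM sales WHERE region = ?"
    return conn.execute(sql, (region,)).fetchall()


# A viewer-supplied filter that closes the string literal, UNIONs in a table the
# report never referenced, and comments out the trailing quote.
PAYLOAD = "x' UNION SELECT email, ssn FROM customer_pii --"


def demo() -> tuple:
    """Run the same hostile filter through both query builders."""
    conn = build_db()
    return query_vulnerable(conn, PAYLOAD), query_hardened(conn, PAYLOAD)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)   # rows from customer_pii
    print("hardened:  ", safe)     # no rows: nothing matches the literal string
```

The vulnerable builder returns the PII row because the viewer's input rewrote the query; the parameterized builder returns nothing because the input was only ever a comparison value. The same distinction is what a "Viewer" role in a BI tool is supposed to guarantee: the viewer may choose among the data the owner exposed, never change what the owner's credentials execute.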

Data Source Leakage: Several vulnerabilities enabled unauthorized access to data sources through seemingly innocuous report features such as hyperlinks and image rendering, and through side channels: a frame-counting and timing oracle, for instance, could have allowed an attacker to infer the existence and contents of data sources across tenant boundaries without ever being granted access to them.

Denial of Wallet Attack: One particularly concerning vulnerability could have been used to run operations that were billed to the victim's project rather than the attacker's, potentially leading to financial losses for affected organizations.

Zero-Click Exploitation: Several of the SQL injection vulnerabilities were "zero-click," meaning they could be exploited without any interaction from the victim, significantly increasing their potential impact.

Real-World Attack Scenarios

Tenable researchers outlined several practical attack paths that could have been exploited by malicious actors:

Public Report Exploitation: Attackers could scan for public Looker Studio reports, or gain access to private ones, that use an affected connector such as BigQuery. From there they could execute arbitrary SQL against the underlying data sources, reaching across the report owner's entire GCP project rather than just the data the report displayed.

Credential Cloning Attack: In scenarios where victims create public reports or share them with specific recipients using JDBC-connected data sources like PostgreSQL, attackers could exploit a logic flaw in the copy report feature. This flaw allowed cloning reports while retaining the original owner's credentials, enabling attackers to delete or modify tables without authorization.

One-Click Data Exfiltration: Perhaps the most concerning attack vector involved sharing a specially crafted report that, once opened, made the victim's browser run queries on the attacker's behalf. Those queries were directed at an attacker-controlled project, whose logs the attacker could then use to reconstruct the victim's data, enabling wholesale theft with a single click from the victim.

Impact and Mitigation

While there is no evidence that these vulnerabilities were exploited in the wild before being patched, the potential impact was significant. Organizations using Looker Studio with any of the affected data connectors could have had their sensitive data exposed across tenant boundaries, violating fundamental security assumptions about data isolation in cloud environments.

The vulnerabilities exposed a critical weakness in the principle that a "Viewer" in Looker Studio should never be able to control the data they are viewing. By breaking this fundamental promise, the LeakyLooker flaws could have allowed attackers to exfiltrate or modify data across Google services like BigQuery and Google Sheets.

Google addressed these issues following responsible disclosure, but the discovery highlights the importance of regular security assessments and the need for robust tenant isolation mechanisms in multi-tenant cloud platforms. Because Looker Studio is a hosted service, the fixes were applied on Google's side and require no customer-installed update; what organizations can do is review their data sharing practices: which reports are public or broadly shared, which data sources are configured to run with the owner's credentials rather than the viewer's, and which connectors expose write access to production data. Reducing those exposures minimizes the blast radius of any similar flaw in the future.

The LeakyLooker vulnerabilities serve as a reminder that even well-established cloud platforms can contain fundamental security flaws that, if left unaddressed, could have far-reaching consequences for data privacy and security across entire organizations.
