Back to search
CVE-2025-12409
Published: Nov 10, 2025
Modified: Nov 10, 2025
PUBLISHED
Description
A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's permissions in BigQuery. This vulnerability was patched on 07 July 2025, and no customer action is needed.
| Vendor | Product | Versions |
|---|---|---|
Google Cloud | Looker Studio | affected 0 - < 2025-07-07 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now