LeakyLooker Vulnerabilities

Cybersecurity researchers have revealed a set of nine cross-tenant vulnerabilities in Google Looker Studio that could have enabled attackers to execute arbitrary SQL queries against victims’ databases and extract sensitive information from organizational environments running on Google Cloud Platform.

The collection of flaws has been collectively named LeakyLooker. Researchers reported the issues through responsible disclosure in June 2025, and the vulnerabilities have since been remediated. At present, there is no evidence indicating that these weaknesses were exploited in real-world attacks.

Security analysts warn that the flaws undermine core architectural assumptions in the platform and introduce a previously unrecognized class of attacks capable of manipulating or extracting data across multiple cloud tenants.

The Nine Vulnerabilities Behind the LeakyLooker Attack Surface

The research identified nine distinct flaws affecting different components of the platform and its data connectors. These vulnerabilities include:

• Cross-tenant unauthorized access through zero-click SQL injection on database connectors
• Cross-tenant unauthorized access via zero-click SQL injection using stored credentials
• Cross-tenant SQL injection targeting BigQuery through native functions
• Cross-tenant data source exposure through hyperlinks
• Cross-tenant SQL injection affecting Spanner and BigQuery through custom queries on a victim’s data source
• Cross-tenant SQL injection through the Looker linking API, affecting BigQuery and Spanner
• Cross-tenant data leakage through image rendering
• Cross-tenant XS-Leak on arbitrary data sources using frame counting and timing-based side channels
• Cross-tenant denial-of-wallet attacks through BigQuery resource consumption

Collectively, these issues could allow adversaries to retrieve, insert, or delete data from victim services operating within Google Cloud environments.

Widespread Exposure Across Data Connectors

The vulnerabilities posed risks to organizations using a wide range of Looker Studio data integrations. The affected ecosystem spans multiple storage platforms and databases commonly used in enterprise environments, including Google Sheets, Google BigQuery, Google Cloud Spanner, PostgreSQL, MySQL, and Google Cloud Storage.

Any organization relying on these connectors in Looker Studio dashboards could potentially have been affected, as the vulnerabilities enabled attackers to traverse tenant boundaries and access resources belonging to different cloud projects.

Exploitation Paths: From Public Reports to Database Control

Attack scenarios outlined by researchers demonstrate how attackers could leverage publicly accessible dashboards or obtain access to privately shared reports. Once access was obtained, malicious actors could exploit the vulnerabilities to seize control of connected databases.

One scenario involved scanning for publicly accessible Looker Studio reports connected to data sources such as BigQuery. Through the exploitation of injection flaws, attackers could execute arbitrary SQL queries across the owner’s entire cloud project, enabling large-scale data extraction.

Another attack path exploited a logic flaw in the report-copying mechanism. When a victim shared a report, either publicly or with specific users, and the report used a JDBC-based data source such as PostgreSQL, attackers could duplicate the report while retaining the original owner’s stored credentials. This flaw allowed unauthorized users to perform actions such as modifying or deleting database tables.

Researchers also demonstrated a high-impact technique enabling one-click data exfiltration. In this scenario, a victim who opened a specially crafted report triggered malicious browser activity that communicated with an attacker-controlled project. Through log analysis and reconstruction, the attacker could rebuild entire databases from the captured data.

Broken Trust Model: Viewer Permissions Turned Against the Platform

The vulnerabilities effectively undermined a core design principle of Looker Studio: the assumption that users with viewer-level access cannot control or influence the underlying data.

By exploiting the discovered weaknesses, attackers could bypass this security boundary and interact directly with connected services. This capability opened the door to unauthorized data extraction, manipulation, and cross-tenant access, affecting services such as BigQuery and Google Sheets.

Although the vulnerabilities have now been patched, the findings highlight the importance of rigorous security design in multi-tenant cloud platforms, where a single logic flaw can cascade into broad cross-environment exposure.