SQL Injection in Google Cloud Looker Studio
CVE-2025-12409
A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attack…
Vulnerability class: SQL Injection
EPSS: 0.002 (13.0th percentile) — read the EPSS interpretation.
Affected products
- Google Cloud Looker Studio — versions 0