SQL Injection in Google Cloud Looker Studio

CVE-2025-12409

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attack…

Vulnerability class: SQL Injection

EPSS: 0.002 (13.0th percentile)
