Cybersecurity experts have revealed nine vulnerabilities in Google Looker Studio that posed significant threats to cloud security. These flaws, known collectively as LeakyLooker, had the potential to allow malicious actors to execute arbitrary SQL queries, compromising sensitive data within Google Cloud environments. Despite the severity, there is no evidence that these vulnerabilities were exploited before they were resolved by Google following responsible disclosure in June 2025.
Understanding the LeakyLooker Vulnerabilities
The LeakyLooker vulnerabilities were identified by the cybersecurity firm Tenable. The flaws broke essential design principles and revealed a new class of attacks. They posed a risk of unauthorized data exfiltration, insertion, and deletion within affected Google Cloud services. Liv Matan, a security researcher, emphasized that these vulnerabilities could have exposed sensitive information across various Google Cloud Platform (GCP) environments, impacting services like Google Sheets, BigQuery, and Cloud Storage.
Exploitation of these cross-tenant vulnerabilities would give attackers access to extensive datasets across different cloud tenants. Attackers could potentially manipulate public or private Looker Studio reports that used certain connectors, gaining control over entire databases and executing arbitrary SQL operations across the victim’s cloud projects.
Implications for Cloud Security
The vulnerabilities highlighted a critical flaw in how data security is managed across cloud services. In scenarios where a victim shared a report publicly or with specific individuals and used a JDBC-connected source, attackers could exploit a logic flaw in the report copying feature. This flaw allowed them to duplicate reports while maintaining the original owner’s credentials, enabling unauthorized data modifications.
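The copy flaw described above can be shown with a simplified model. This is an added example, not Looker Studio code or Google's fix; the class names, the rule that only a report's owner may edit its query, and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class DataSource:
    connector: str                     # e.g. "jdbc"
    stored_credential: Optional[str]   # secret saved by the owner; None = not configured
    query: str                         # SQL the report sends to the database

@dataclass(frozen=True)
class Report:
    owner: str
    source: DataSource

def copy_report_vulnerable(report: Report, new_owner: str) -> Report:
    # Flawed pattern: ownership changes, the owner's stored credential travels along.
    return replace(report, owner=new_owner)

def copy_report_hardened(report: Report, new_owner: str) -> Report:
    # Hardened pattern: a stored credential is bound to the principal who saved it,
    # so it is dropped whenever the copy belongs to someone else.
    if new_owner == report.owner:
        return replace(report)
    return replace(report, owner=new_owner,
                   source=replace(report.source, stored_credential=None))

def edit_query(report: Report, actor: str, sql: str) -> Report:
    # Assumption of this model: only a report's owner may change its query.
    if actor != report.owner:
        raise PermissionError("only the owner may edit the data source")
    return replace(report, source=replace(report.source, query=sql))

def run(report: Report) -> tuple:
    # Returns the (credential, query) pair the database would receive.
    if report.source.stored_credential is None:
        raise PermissionError("no stored credential: the new owner must supply one")
    return report.source.stored_credential, report.source.query

# Constructed sample: a shared report backed by a JDBC source with a saved secret.
ORIGINAL = Report("victim", DataSource("jdbc", "victim-db-secret",
                                       "SELECT region, total FROM sales_summary"))

if __name__ == "__main__":
    sql = "SELECT * FROM customers"  # constructed query chosen by the viewer
    print(run(edit_query(copy_report_vulnerable(ORIGINAL, "viewer"), "viewer", sql)))
    try:
        run(edit_query(copy_report_hardened(ORIGINAL, "viewer"), "viewer", sql))
    except PermissionError as exc:
        print("hardened copy refused:", exc)
```

In the flawed copy the viewer's query reaches the database under the victim's credential; in the hardened copy the same query is refused until the new owner supplies a credential of their own.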
Another severe vulnerability involved one-click data exfiltration. By sharing a specially crafted report, attackers could force a victim’s browser to execute malicious code, which could then contact an attacker-controlled project to reconstruct entire datasets from log files. This demonstrated how attackers could bypass the fundamental security promise that viewers should not control the data they access.
Future Outlook and Mitigations
Addressing these vulnerabilities is crucial for maintaining trust in cloud-based services. Google has taken steps to resolve these issues, ensuring that cloud environments remain secure. As cloud services continue to grow, it is imperative for organizations to remain vigilant and proactive in identifying and addressing potential security flaws.
The exposure of LeakyLooker vulnerabilities serves as a reminder of the importance of continuous security assessments and the implementation of robust security practices. Organizations are encouraged to conduct regular audits of their cloud environments and to stay informed about potential threats to safeguard their data integrity and security.
