Researchers at cybersecurity firm Tenable discovered two vulnerabilities that could be exploited to fully compromise instances of the Google Looker business intelligence platform.
Google Looker enables organizations to centralize disparate datasets into a unified data layer for creating real-time visualizations, interactive dashboards, and data-driven applications.
Enterprises can use a SaaS version with the Looker instance fully managed by Google Cloud or host it on their own infrastructure.
Tenable researchers discovered two vulnerabilities affecting the platform that, if exploited, could lead to remote code execution and the exfiltration of sensitive information.
The flaws, collectively known as LookOut, can be exploited by an attacker with developer permissions in the targeted Looker instance.
According to Tenable, the remote code execution vulnerability can enable an attacker to gain full administrative access to the underlying infrastructure. The attacker can steal secrets, manipulate data, or move deeper into the internal network.
“In cloud instances, the vulnerability could potentially lead to cross-tenant access,” Tenable explained.
As for the second flaw, the security firm described it as an “authorization bypass that allowed attackers to attach to Looker’s internal database connections and exfiltrate the full internal MySQL database via error-based SQL injection”.
Google patched the vulnerabilities in late September 2025. While the vendor has applied the patch to its cloud-hosted instances, users of self-hosted instances need to ensure they are running a patched Looker version.
The tech giant said it found no evidence of in-the-wild exploitation.
Related: DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft
Related: Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks
Related: Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant
