Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Vulnerabilities Allowed Full Compromise of Google Looker Instances

The flaws dubbed LookOut can be exploited for remote code execution and data exfiltration.

Google Looker vulnerabilities

Researchers at cybersecurity firm Tenable discovered two vulnerabilities that could be exploited to fully compromise instances of the Google Looker business intelligence platform.

Google Looker enables organizations to centralize disparate datasets into a unified data layer for creating real-time visualizations, interactive dashboards, and data-driven applications.

Enterprises can use a SaaS version with the Looker instance fully managed by Google Cloud or host it on their own infrastructure. 

Tenable researchers discovered two vulnerabilities affecting the platform that, if exploited, could lead to remote code execution and the exfiltration of sensitive information.

The flaws, collectively known as LookOut, can be exploited by an attacker with developer permissions in the targeted Looker instance.

According to Tenable, the remote code execution vulnerability can enable an attacker to gain full administrative access to the underlying infrastructure. The attacker can steal secrets, manipulate data, or move deeper into the internal network. 

Advertisement. Scroll to continue reading.

“In cloud instances, the vulnerability could potentially lead to cross-tenant access,” Tenable explained.

As for the second flaw, the security firm described it as an “authorization bypass that allowed attackers to attach to Looker’s internal database connections and exfiltrate the full internal MySQL database via error-based SQL injection”.

Google patched the vulnerabilities in late September 2025. While the vendor has applied the patch to its cloud-hosted instances, users of self-hosted instances need to ensure they are running a patched Looker version. 

The tech giant said it found no evidence of in-the-wild exploitation.

Related: DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft

Related: Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks

Related: Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.