CVE-2025-12409

Name of the Vulnerable Software and Affected Versions Looker Studio versions prior to 07 July 2025

Description A SQL injection issue was identified in Looker Studio, potentially allowing unauthorized data exfiltration from BigQuery data sources. An attacker could create a malicious report with native functions enabled. When a victim accesses this report, the attacker could execute injected SQL queries using the victim’s permissions within BigQuery. The API endpoint used for this attack is not specified. The vulnerable parameter is not specified. The function executeSQL() is potentially involved.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.