Security Advisory

CVE-2025-12409

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-10 08:59:15

Last updated 2025-11-10 15:16:16

Assigner GoogleCloud

State PUBLISHED

Description

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victims permissions in BigQuery. This vulnerability was patched on 07 July 2025, and no customer action is needed.

← Browse all CVEs View on cve.org ↗