Vulnerabilities Allowed Full Compromise of Google Looker Instances

Tenable researchers discovered two vulnerabilities in the Google Looker business intelligence platform, collectively named LookOut, that could allow an attacker with developer permissions to execute remote code and steal sensitive data. Google patched the flaws in late September 2025 and applied the fixes to cloud-hosted instances, but self-hosted Looker deployments must be updated to eliminate the risk. #LookOut #GoogleLooker

Key points

  • Tenable identified two critical vulnerabilities in Google Looker, labeled LookOut.
  • The vulnerabilities can lead to remote code execution and full administrative compromise of Looker instances.
  • An attacker only needs developer permissions in a target Looker instance to exploit the flaws.
  • One flaw allows an authorization bypass and error-based SQL injection that can exfiltrate the internal MySQL database; in cloud-hosted instances, the remote code execution could enable cross-tenant access.
  • Google patched the issues in late September 2025; cloud-hosted instances were updated, but self-hosted users must apply the patch, and no in-the-wild exploitation has been observed.

Read More: https://www.securityweek.com/vulnerabilities-allowed-full-compromise-of-google-looker-instances/