Researchers have discovered a vulnerability in Google Looker.

Tenable researchers discovered two critical vulnerabilities in Google Looker, collectively dubbed “LookOut,” which enable remote code execution and internal database exfiltration. Attackers with developer permissions could gain full administrative access to Looker’s underlying infrastructure. One flaw involved an RCE chain, while another allowed attaching to Looker’s internal database connections via error‑based SQL injection. Google patched cloud‑hosted Looker instances in late September 2025, but self‑hosted users must manually update to remain protected.

Read more:

https://www.securityweek.com/vulnerabilities-allowed-full-compromise-of-google-looker-instances/