Vulnerability Database

318,206

Total vulnerabilities in the database

CVE-2025-12409

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources.

By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's permissions in BigQuery.

This vulnerability was patched on 07 July 2025, and no customer action is needed.

Published: Nov 10, 2025
Updated: Nov 11, 2025
CVE: CVE-2025-12409
Exploit:

No technical information available.

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://cloud.google.com/support/bulletins#gcp-2025-053
https://www.tenable.com/security/research/tra-2025-27

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo