PROBABLYPWNED
Vulnerabilities | February 4, 2026 | 4 min read

Google Looker Flaws Let Attackers Hijack BI Servers

Tenable discloses 'LookOut' vulnerabilities in Google Looker enabling remote code execution and full database theft. Self-hosted deployments at 60,000+ organizations exposed.

Marcus Chen

Researchers at Tenable have disclosed two vulnerabilities in Google Looker that could give attackers complete control over business intelligence servers. The flaws—collectively dubbed "LookOut"—affect self-hosted and on-premises deployments at more than 60,000 organizations across 195 countries.

The first vulnerability chains multiple weaknesses into a remote code execution attack. An attacker who successfully exploits the flaw can run arbitrary commands on the Looker server, steal credentials stored in the system, manipulate analytics data, or pivot deeper into corporate networks. In cloud deployments, the vulnerability could potentially enable cross-tenant access—letting attackers jump between different organizations using the same Looker instance.

The second vulnerability targets Looker's internal management database. Using error-based SQL injection against the platform's own database connection, an attacker can extract that database, the platform's "private brain", piece by piece: user credentials, configuration secrets, and sensitive business data stored within the system.

What Makes LookOut Dangerous

Looker serves as the analytics backbone for organizations ranging from startups to Fortune 500 companies. It connects directly to data warehouses, has broad access to business-critical information, and often runs with elevated privileges. Compromising Looker doesn't just give attackers access to dashboards—it provides a window into an organization's most sensitive operational data.

Senior Research Engineer Liv Matan, who led the discovery at Tenable, described the RCE chain as providing "keys to the kingdom." The impact extends beyond data theft. Attackers with command execution on BI infrastructure can plant persistent backdoors, exfiltrate data gradually to avoid detection, or use the server as a launchpad for lateral movement into connected systems, starting with the data warehouses Looker already holds credentials for.

Self-hosted deployments face the highest risk. Google quickly secured cloud-managed Looker instances, but organizations running their own infrastructure must patch manually—and many don't know these vulnerabilities exist.

Detection and Indicators

Organizations should audit their Looker servers for signs of compromise. Tenable identified specific indicators:

  • Unauthorized files appearing in .git/hooks/ directories, particularly scripts named pre-push, post-commit, or applypatch-msg
  • Unusual SQL errors in logs that could indicate error-based SQL injection attempts targeting internal database connections
  • Unexpected outbound network connections from Looker servers

The .git/hooks/ indicator is notable. Looker stores LookML projects in Git repositories, and a hook script placed in a project checkout runs whenever the server performs the matching Git operation, so attackers leveraging the RCE chain can use Git hooks for persistence that survives server restarts or routine maintenance. The only files Git itself places in that directory are inert "*.sample" templates; anything else was put there by a person or a tool.
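The two host-level checks above, as an added example that is not Tenable's or Google's tooling. It assumes LookML project checkouts live somewhere under the directory you point it at (the real path is install-specific) and that the only files Git itself drops into .git/hooks are the "*.sample" templates. The log lines and the planted hook are constructed for the demo and do not reproduce Looker's real log format.

```python
"""Audit a Looker host for the two LookOut indicators above: stray Git hooks
and error-based SQL injection noise in logs.

Added example, not Tenable's or Google's tooling. It assumes LookML project
checkouts live somewhere under the directory you pass in (the real path is
install-specific) and that the only files Git itself places in .git/hooks
are the inert "*.sample" templates.
"""
import os
import re
import stat
import tempfile

# Hook names the article calls out. Every non-sample file is reported; these
# just get an extra flag because they fire on routine LookML git activity.
ARTICLE_HOOK_NAMES = {"pre-push", "post-commit", "applypatch-msg"}


def find_unexpected_hooks(root):
    """Walk `root` and return every non-sample file found in a .git/hooks directory."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parent = os.path.dirname(dirpath)
        if os.path.basename(dirpath) != "hooks" or os.path.basename(parent) != ".git":
            continue
        for name in filenames:
            if name.endswith(".sample"):
                continue  # stock template shipped by git init
            path = os.path.join(dirpath, name)
            findings.append({
                "path": path,
                "hook": name,
                "executable": bool(os.stat(path).st_mode & stat.S_IXUSR),
                "named_in_advisory": name in ARTICLE_HOOK_NAMES,
            })
    return sorted(findings, key=lambda f: f["path"])


# Database error strings that error-based SQL injection deliberately provokes.
# Generic engine messages, not a Looker-specific signature set.
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),   # MySQL
    re.compile(r"unterminated quoted string", re.I),              # PostgreSQL
    re.compile(r"syntax error at or near", re.I),                 # PostgreSQL
    re.compile(r"XPATH syntax error", re.I),                      # MySQL extractvalue()
    re.compile(r"conversion failed when converting", re.I),       # SQL Server
    re.compile(r"\bORA-\d{5}\b"),                                 # Oracle
]


def scan_log_lines(lines):
    """Return (line_number, text) for every log line matching a SQL error pattern."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if any(pattern.search(line) for pattern in SQL_ERROR_PATTERNS):
            hits.append((number, line.rstrip()))
    return hits


# Constructed log lines for the demo; the format is not Looker's real log format.
CONSTRUCTED_LOG = [
    "2026-02-04 10:01:12 INFO  query finished in 120ms",
    "2026-02-04 10:01:15 ERROR db: unterminated quoted string at or near \"'\"",
    "2026-02-04 10:01:16 ERROR db: syntax error at or near \"OR\"",
    "2026-02-04 10:02:00 INFO  user alice logged in",
]


def demo():
    """Plant one hook in a throwaway LookML-style checkout and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        hooks_dir = os.path.join(root, "project_a", ".git", "hooks")
        os.makedirs(hooks_dir)
        with open(os.path.join(hooks_dir, "pre-commit.sample"), "w") as fh:
            fh.write("#!/bin/sh\n")  # stock template, must be ignored
        planted = os.path.join(hooks_dir, "pre-push")
        with open(planted, "w") as fh:
            fh.write("#!/bin/sh\n# constructed stand-in for an attacker's persistence payload\n")
        os.chmod(planted, 0o755)
        hook_names = [f["hook"] for f in find_unexpected_hooks(root)]
    return hook_names, scan_log_lines(CONSTRUCTED_LOG)


if __name__ == "__main__":
    hooks, hits = demo()
    print("unexpected hooks:", hooks)
    for number, text in hits:
        print(f"log line {number}: {text}")
```

Point find_unexpected_hooks at the directory holding your LookML checkouts and feed scan_log_lines the Looker log you actually collect; a hook that is executable and matches one of the advisory's names is the strongest hit, but any non-sample file is worth a look.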

Patch Immediately

Google has released fixed versions. Organizations running self-hosted Looker must update to one of the following:

  • 25.12.30 or later
  • 25.10.54 or later
  • 25.6.79 or later
  • 25.0.89 or later
  • 24.18.209 or later

Versions 25.14 and above are not vulnerable.
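Checking an inventory of self-hosted instances against that version list is error-prone by hand, because the fixed build number differs per release branch. The following is an added example, not Google's tooling: it encodes the table above and classifies a version as fixed, vulnerable, or "not listed" for branches the advisory does not mention (25.8, 24.16 and older, and so on). The host inventory is constructed for the demo.

```python
"""Triage self-hosted Looker versions against the fixed releases listed above.

Added example, not Google's tooling. The fixed-version table is taken from
the article; branches it does not mention are reported as "not listed"
rather than guessed at.
"""
import re

# Minimum fixed patch level per release branch, keyed by (major, minor).
FIXED_PATCH_LEVELS = {
    (25, 12): 30,
    (25, 10): 54,
    (25, 6): 79,
    (25, 0): 89,
    (24, 18): 209,
}
FIRST_UNAFFECTED_BRANCH = (25, 14)  # "25.14 and above are not vulnerable"

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a Looker version string such as '25.12.30'.
    A missing patch component is treated as 0, which errs on the side of flagging."""
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Looker version: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def assess(text):
    """Classify one version: 'fixed', 'vulnerable', or 'not listed'."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch >= FIRST_UNAFFECTED_BRANCH:
        return "fixed"
    if branch in FIXED_PATCH_LEVELS:
        return "fixed" if patch >= FIXED_PATCH_LEVELS[branch] else "vulnerable"
    # A branch the advisory gives no fixed build for: it needs an upgrade to a
    # listed branch, but we don't claim a status the article does not state.
    return "not listed"


def triage(inventory):
    """Group a {host: version} inventory by status, worst first."""
    report = {"vulnerable": [], "not listed": [], "fixed": []}
    for host, version in sorted(inventory.items()):
        report[assess(version)].append((host, version))
    return report


# Constructed inventory for the demo.
CONSTRUCTED_INVENTORY = {
    "bi-prod-01": "25.12.29",
    "bi-prod-02": "25.12.30",
    "bi-legacy": "24.18.150",
    "bi-lab": "25.8.4",
    "bi-new": "25.14.2",
}

if __name__ == "__main__":
    for status, hosts in triage(CONSTRUCTED_INVENTORY).items():
        for host, version in hosts:
            print(f"{status:<11} {host:<12} {version}")
```

Hosts reported as "not listed" sit on a branch the advisory gives no fixed build for; move them to one of the listed branches (or to 25.14 or later) rather than assuming they are safe.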

The patching situation mirrors challenges we've seen with other enterprise vulnerabilities where self-hosted customers bear responsibility for updates while cloud customers get automatic protection. Organizations that deployed Looker years ago and rarely touch the infrastructure are most likely to remain exposed.

Why This Matters

Business intelligence platforms occupy a privileged position in enterprise architecture. They authenticate to data warehouses, process queries across sensitive datasets, and often store cached credentials for multiple backend systems. A compromise here isn't just about one server—it's about everything that server can reach.

The 60,000+ organization footprint makes LookOut attractive to both opportunistic attackers and targeted operations. Expect scanning for vulnerable Looker instances to increase now that the vulnerabilities are public. If in-the-wild exploitation is confirmed, flaws of this profile tend to be added to CISA's Known Exploited Vulnerabilities catalog quickly, but organizations should not wait for that listing to prioritize. Anyone running Looker outside Google's managed cloud should treat this as a priority patch: the combination of widespread deployment and severe impact is exactly what attackers look for when selecting targets.

For security teams conducting threat hunts, the Git hooks persistence mechanism is worth adding to detection rules. Legitimate Looker deployments shouldn't have unexpected scripts in those directories, making it a reliable indicator of compromise.
