CVE-2025-1079

Published May 12, 2025

Last updated a month ago

CVSS high 7.8

Overview

Description
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
Source
cve-coordination@google.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve-coordination@google.com
CWE-61

Social media

Hype score
Not currently trending

  1. New Google VRP writeup "Client-side RCE via symlink following in Google Web Designer for macOS/Linux: CVE-2025-1079" for a bounty of $11,250 by Bálint Magyar: https://t.co/B4cWdLec5O

    @gvrp_writeups

    22 Apr 2025

    841 Impressions

    7 Retweets

    18 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

  2. Client-side RCE via symlink following in Google Web Designer for macOS/Linux: CVE-2025-1079 https://t.co/3rAK51q1sU

    @tbbhunter

    7 Apr 2025

    675 Impressions

    4 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.