- Description
- Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template
- Source
- cve-coordination@google.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:X
- Severity
- HIGH
- cve-coordination@google.com
- CWE-20
- Hype score
- Not currently trending
CVE-2025-4613 Path Traversal in Google Web Designer Pre-16.3.0.0407 Enables Remote Code... https://t.co/0uze3V2mPQ Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
12 Jun 2025
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4613 Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users in… https://t.co/3WkII8FcVK
@CVEnew
12 Jun 2025
406 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
New Google VRP writeup "Client-side RCE via improper URL parsing in Google Web Designer for Windows: CVE-2025-4613" for a bounty of $8,500 by Bálint Magyar: https://t.co/VVjtPUQefO
@gvrp_writeups
26 May 2025
684 Impressions
6 Retweets
19 Likes
13 Bookmarks
0 Replies
0 Quotes