CVE-2025-4613: Client side RCE in Google Web Designer App

7.1 CVSS

Description

Path traversal in Google Web Designer's template handling in versions prior to 16.3.0.0407 on Windows allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template.

Classification

CVE ID: CVE-2025-4613

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L

Problem Types

CWE-20 Improper Input Validation

Affected Products

Vendor: Google

Product: Web Designer App

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.19% (probability of being exploited)

EPSS Percentile: 41.8% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-21 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4613
https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613

Timeline