CVE-2025-4613Improper Input Validation in Google WEB Designer APP

CWE-20Improper Input ValidationCWE-22Path Traversal3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 51.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google WEB Designer APPGoogle WEB Designer
Timeline
PublishedJun 12

Description

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N

Affected Packages2 packages

NVDgoogle/web_designer< 16.3.0.0407
CVEListV5google/web_designer_app< 16.3.0.0407

🔴Vulnerability Details

2
CVEList
Client side RCE in Google Web Designer App2025-06-12
GHSA
GHSA-vwv7-36jv-h55v: Path traversal in Google Web Designer's template handling versions prior to 162025-06-12
CVE-2025-4613 — Improper Input Validation in Google | cvebase