CVE-2025-1079

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://balintmagyar.com/articles/google-web-designer-symlink-client-side-rce-cve-2025-1079	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:google:web_designer:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

History

29 Jul 2025, 13:54

Type	Values Removed	Values Added
References	~~() https://balintmagyar.com/articles/google-web-designer-symlink-client-side-rce-cve-2025-1079 -~~	() https://balintmagyar.com/articles/google-web-designer-symlink-client-side-rce-cve-2025-1079 - Exploit, Third Party Advisory
CWE		CWE-59
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:google:web_designer:::::::: cpe:2.3:o:apple:macos:-:::::::*
First Time		Linux linux Kernel Apple macos Apple Linux Google Google web Designer

13 May 2025, 19:35

Type	Values Removed	Values Added
Summary		(es) Client RCE en macOS y Linux a través de una resolución incorrecta de enlace simbólico en la función de vista previa de Google Web Designer

12 May 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-12 20:15

Updated : 2025-07-29 13:54

NVD link : CVE-2025-1079

Mitre link : CVE-2025-1079

CVE.ORG link : CVE-2025-1079

JSON object : View

Products Affected

google

web_designer

apple

macos

linux

linux_kernel

CWE

CWE-61

UNIX Symbolic Link (Symlink) Following

CWE-59

Improper Link Resolution Before File Access ('Link Following')

7.8 /10