CVE-2025-4613

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:web_designer:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

01 Aug 2025, 22:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:google:web_designer:*:*:*:*:*:*:*:*
CWE CWE-22
References () https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613 - () https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613 - Exploit, Third Party Advisory
First Time Microsoft windows
Microsoft
Google
Google web Designer
Summary
  • (es) Path traversal en las versiones de manejo de plantillas de Google Web Designer anteriores a 16.3.0.0407 en Windows permite a un atacante lograr la ejecución remota de código engañando a los usuarios para que descarguen una plantilla de anuncio maliciosa.

12 Jun 2025, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-12 09:15

Updated : 2025-08-01 22:07


NVD link : CVE-2025-4613

Mitre link : CVE-2025-4613

CVE.ORG link : CVE-2025-4613


JSON object : View

Products Affected

microsoft

  • windows

google

  • web_designer
CWE
CWE-20

Improper Input Validation

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')