CVE-2025-4613
Client side RCE in Google Web Designer App
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
12 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L
Affected products
Google · Web Designer App