← back
CVE-2025-4613

Client side RCE in Google Web Designer App

CVSS 7.1 HIGHEPSS 0.6%CWE-20
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L