CVE-2025-4613 | THREATINT

Description

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template

PUBLISHED Reserved 2025-05-12 | Published 2025-06-12 | Updated 2026-02-26 | Assigner Google

HIGH: 7.1CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

Any version before 16.3.0.0407

affected

Credits

Bálint Magyar finder

References

balintmagyar.com/...-traversal-client-side-rce-cve-2025-4613

cve.org (CVE-2025-4613)

nvd.nist.gov (CVE-2025-4613)

Download JSON